3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
47 #include "phy_common.h"
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 static int modparam_qos = 1;
84 module_param_named(qos, modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
91 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
92 module_param_named(verbose, b43_modparam_verbose, int, 0644);
93 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
96 static const struct ssb_device_id b43_ssb_tbl[] = {
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
100 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
101 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
102 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
103 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
104 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
105 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
109 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
111 /* Channel and ratetables are shared for all devices.
112 * They can't be const, because ieee80211 puts some precalculated
113 * data in there. This data is the same for all devices, so we don't
114 * get concurrency issues */
115 #define RATETAB_ENT(_rateid, _flags) \
117 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
118 .hw_value = (_rateid), \
123 * NOTE: When changing this, sync with xmit.c's
124 * b43_plcp_get_bitrate_idx_* functions!
126 static struct ieee80211_rate __b43_ratetable[] = {
127 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
128 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
129 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
130 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
131 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
133 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
134 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
135 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
136 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
137 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
138 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
141 #define b43_a_ratetable (__b43_ratetable + 4)
142 #define b43_a_ratetable_size 8
143 #define b43_b_ratetable (__b43_ratetable + 0)
144 #define b43_b_ratetable_size 4
145 #define b43_g_ratetable (__b43_ratetable + 0)
146 #define b43_g_ratetable_size 12
148 #define CHAN4G(_channel, _freq, _flags) { \
149 .band = IEEE80211_BAND_2GHZ, \
150 .center_freq = (_freq), \
151 .hw_value = (_channel), \
153 .max_antenna_gain = 0, \
156 static struct ieee80211_channel b43_2ghz_chantable[] = {
174 #define CHAN5G(_channel, _flags) { \
175 .band = IEEE80211_BAND_5GHZ, \
176 .center_freq = 5000 + (5 * (_channel)), \
177 .hw_value = (_channel), \
179 .max_antenna_gain = 0, \
182 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
183 CHAN5G(32, 0), CHAN5G(34, 0),
184 CHAN5G(36, 0), CHAN5G(38, 0),
185 CHAN5G(40, 0), CHAN5G(42, 0),
186 CHAN5G(44, 0), CHAN5G(46, 0),
187 CHAN5G(48, 0), CHAN5G(50, 0),
188 CHAN5G(52, 0), CHAN5G(54, 0),
189 CHAN5G(56, 0), CHAN5G(58, 0),
190 CHAN5G(60, 0), CHAN5G(62, 0),
191 CHAN5G(64, 0), CHAN5G(66, 0),
192 CHAN5G(68, 0), CHAN5G(70, 0),
193 CHAN5G(72, 0), CHAN5G(74, 0),
194 CHAN5G(76, 0), CHAN5G(78, 0),
195 CHAN5G(80, 0), CHAN5G(82, 0),
196 CHAN5G(84, 0), CHAN5G(86, 0),
197 CHAN5G(88, 0), CHAN5G(90, 0),
198 CHAN5G(92, 0), CHAN5G(94, 0),
199 CHAN5G(96, 0), CHAN5G(98, 0),
200 CHAN5G(100, 0), CHAN5G(102, 0),
201 CHAN5G(104, 0), CHAN5G(106, 0),
202 CHAN5G(108, 0), CHAN5G(110, 0),
203 CHAN5G(112, 0), CHAN5G(114, 0),
204 CHAN5G(116, 0), CHAN5G(118, 0),
205 CHAN5G(120, 0), CHAN5G(122, 0),
206 CHAN5G(124, 0), CHAN5G(126, 0),
207 CHAN5G(128, 0), CHAN5G(130, 0),
208 CHAN5G(132, 0), CHAN5G(134, 0),
209 CHAN5G(136, 0), CHAN5G(138, 0),
210 CHAN5G(140, 0), CHAN5G(142, 0),
211 CHAN5G(144, 0), CHAN5G(145, 0),
212 CHAN5G(146, 0), CHAN5G(147, 0),
213 CHAN5G(148, 0), CHAN5G(149, 0),
214 CHAN5G(150, 0), CHAN5G(151, 0),
215 CHAN5G(152, 0), CHAN5G(153, 0),
216 CHAN5G(154, 0), CHAN5G(155, 0),
217 CHAN5G(156, 0), CHAN5G(157, 0),
218 CHAN5G(158, 0), CHAN5G(159, 0),
219 CHAN5G(160, 0), CHAN5G(161, 0),
220 CHAN5G(162, 0), CHAN5G(163, 0),
221 CHAN5G(164, 0), CHAN5G(165, 0),
222 CHAN5G(166, 0), CHAN5G(168, 0),
223 CHAN5G(170, 0), CHAN5G(172, 0),
224 CHAN5G(174, 0), CHAN5G(176, 0),
225 CHAN5G(178, 0), CHAN5G(180, 0),
226 CHAN5G(182, 0), CHAN5G(184, 0),
227 CHAN5G(186, 0), CHAN5G(188, 0),
228 CHAN5G(190, 0), CHAN5G(192, 0),
229 CHAN5G(194, 0), CHAN5G(196, 0),
230 CHAN5G(198, 0), CHAN5G(200, 0),
231 CHAN5G(202, 0), CHAN5G(204, 0),
232 CHAN5G(206, 0), CHAN5G(208, 0),
233 CHAN5G(210, 0), CHAN5G(212, 0),
234 CHAN5G(214, 0), CHAN5G(216, 0),
235 CHAN5G(218, 0), CHAN5G(220, 0),
236 CHAN5G(222, 0), CHAN5G(224, 0),
237 CHAN5G(226, 0), CHAN5G(228, 0),
240 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
241 CHAN5G(34, 0), CHAN5G(36, 0),
242 CHAN5G(38, 0), CHAN5G(40, 0),
243 CHAN5G(42, 0), CHAN5G(44, 0),
244 CHAN5G(46, 0), CHAN5G(48, 0),
245 CHAN5G(52, 0), CHAN5G(56, 0),
246 CHAN5G(60, 0), CHAN5G(64, 0),
247 CHAN5G(100, 0), CHAN5G(104, 0),
248 CHAN5G(108, 0), CHAN5G(112, 0),
249 CHAN5G(116, 0), CHAN5G(120, 0),
250 CHAN5G(124, 0), CHAN5G(128, 0),
251 CHAN5G(132, 0), CHAN5G(136, 0),
252 CHAN5G(140, 0), CHAN5G(149, 0),
253 CHAN5G(153, 0), CHAN5G(157, 0),
254 CHAN5G(161, 0), CHAN5G(165, 0),
255 CHAN5G(184, 0), CHAN5G(188, 0),
256 CHAN5G(192, 0), CHAN5G(196, 0),
257 CHAN5G(200, 0), CHAN5G(204, 0),
258 CHAN5G(208, 0), CHAN5G(212, 0),
263 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
264 .band = IEEE80211_BAND_5GHZ,
265 .channels = b43_5ghz_nphy_chantable,
266 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
267 .bitrates = b43_a_ratetable,
268 .n_bitrates = b43_a_ratetable_size,
271 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
272 .band = IEEE80211_BAND_5GHZ,
273 .channels = b43_5ghz_aphy_chantable,
274 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
275 .bitrates = b43_a_ratetable,
276 .n_bitrates = b43_a_ratetable_size,
279 static struct ieee80211_supported_band b43_band_2GHz = {
280 .band = IEEE80211_BAND_2GHZ,
281 .channels = b43_2ghz_chantable,
282 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
283 .bitrates = b43_g_ratetable,
284 .n_bitrates = b43_g_ratetable_size,
287 static void b43_wireless_core_exit(struct b43_wldev *dev);
288 static int b43_wireless_core_init(struct b43_wldev *dev);
289 static void b43_wireless_core_stop(struct b43_wldev *dev);
290 static int b43_wireless_core_start(struct b43_wldev *dev);
292 static int b43_ratelimit(struct b43_wl *wl)
294 if (!wl || !wl->current_dev)
296 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
298 /* We are up and running.
299 * Ratelimit the messages to avoid DoS over the net. */
300 return net_ratelimit();
303 void b43info(struct b43_wl *wl, const char *fmt, ...)
307 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
309 if (!b43_ratelimit(wl))
312 printk(KERN_INFO "b43-%s: ",
313 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
318 void b43err(struct b43_wl *wl, const char *fmt, ...)
322 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
324 if (!b43_ratelimit(wl))
327 printk(KERN_ERR "b43-%s ERROR: ",
328 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
333 void b43warn(struct b43_wl *wl, const char *fmt, ...)
337 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
339 if (!b43_ratelimit(wl))
342 printk(KERN_WARNING "b43-%s warning: ",
343 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
348 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
352 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
355 printk(KERN_DEBUG "b43-%s debug: ",
356 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
361 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
365 B43_WARN_ON(offset % 4 != 0);
367 macctl = b43_read32(dev, B43_MMIO_MACCTL);
368 if (macctl & B43_MACCTL_BE)
371 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
373 b43_write32(dev, B43_MMIO_RAM_DATA, val);
376 static inline void b43_shm_control_word(struct b43_wldev *dev,
377 u16 routing, u16 offset)
381 /* "offset" is the WORD offset. */
385 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
388 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
392 if (routing == B43_SHM_SHARED) {
393 B43_WARN_ON(offset & 0x0001);
394 if (offset & 0x0003) {
395 /* Unaligned access */
396 b43_shm_control_word(dev, routing, offset >> 2);
397 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
398 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
399 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
405 b43_shm_control_word(dev, routing, offset);
406 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
411 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
413 struct b43_wl *wl = dev->wl;
417 spin_lock_irqsave(&wl->shm_lock, flags);
418 ret = __b43_shm_read32(dev, routing, offset);
419 spin_unlock_irqrestore(&wl->shm_lock, flags);
424 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
428 if (routing == B43_SHM_SHARED) {
429 B43_WARN_ON(offset & 0x0001);
430 if (offset & 0x0003) {
431 /* Unaligned access */
432 b43_shm_control_word(dev, routing, offset >> 2);
433 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
439 b43_shm_control_word(dev, routing, offset);
440 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
445 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
447 struct b43_wl *wl = dev->wl;
451 spin_lock_irqsave(&wl->shm_lock, flags);
452 ret = __b43_shm_read16(dev, routing, offset);
453 spin_unlock_irqrestore(&wl->shm_lock, flags);
458 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
460 if (routing == B43_SHM_SHARED) {
461 B43_WARN_ON(offset & 0x0001);
462 if (offset & 0x0003) {
463 /* Unaligned access */
464 b43_shm_control_word(dev, routing, offset >> 2);
465 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
467 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
468 b43_write16(dev, B43_MMIO_SHM_DATA,
469 (value >> 16) & 0xFFFF);
474 b43_shm_control_word(dev, routing, offset);
475 b43_write32(dev, B43_MMIO_SHM_DATA, value);
478 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
480 struct b43_wl *wl = dev->wl;
483 spin_lock_irqsave(&wl->shm_lock, flags);
484 __b43_shm_write32(dev, routing, offset, value);
485 spin_unlock_irqrestore(&wl->shm_lock, flags);
488 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
490 if (routing == B43_SHM_SHARED) {
491 B43_WARN_ON(offset & 0x0001);
492 if (offset & 0x0003) {
493 /* Unaligned access */
494 b43_shm_control_word(dev, routing, offset >> 2);
495 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
500 b43_shm_control_word(dev, routing, offset);
501 b43_write16(dev, B43_MMIO_SHM_DATA, value);
504 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
506 struct b43_wl *wl = dev->wl;
509 spin_lock_irqsave(&wl->shm_lock, flags);
510 __b43_shm_write16(dev, routing, offset, value);
511 spin_unlock_irqrestore(&wl->shm_lock, flags);
515 u64 b43_hf_read(struct b43_wldev *dev)
519 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
521 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
523 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
528 /* Write HostFlags */
529 void b43_hf_write(struct b43_wldev *dev, u64 value)
533 lo = (value & 0x00000000FFFFULL);
534 mi = (value & 0x0000FFFF0000ULL) >> 16;
535 hi = (value & 0xFFFF00000000ULL) >> 32;
536 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
537 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
538 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
541 /* Read the firmware capabilities bitmask (Opensource firmware only) */
542 static u16 b43_fwcapa_read(struct b43_wldev *dev)
544 B43_WARN_ON(!dev->fw.opensource);
545 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
548 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
552 B43_WARN_ON(dev->dev->id.revision < 3);
554 /* The hardware guarantees us an atomic read, if we
555 * read the low register first. */
556 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
557 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
564 static void b43_time_lock(struct b43_wldev *dev)
568 macctl = b43_read32(dev, B43_MMIO_MACCTL);
569 macctl |= B43_MACCTL_TBTTHOLD;
570 b43_write32(dev, B43_MMIO_MACCTL, macctl);
571 /* Commit the write */
572 b43_read32(dev, B43_MMIO_MACCTL);
575 static void b43_time_unlock(struct b43_wldev *dev)
579 macctl = b43_read32(dev, B43_MMIO_MACCTL);
580 macctl &= ~B43_MACCTL_TBTTHOLD;
581 b43_write32(dev, B43_MMIO_MACCTL, macctl);
582 /* Commit the write */
583 b43_read32(dev, B43_MMIO_MACCTL);
586 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
590 B43_WARN_ON(dev->dev->id.revision < 3);
594 /* The hardware guarantees us an atomic write, if we
595 * write the low register first. */
596 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
598 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
602 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
605 b43_tsf_write_locked(dev, tsf);
606 b43_time_unlock(dev);
610 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
612 static const u8 zero_addr[ETH_ALEN] = { 0 };
619 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
623 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
626 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
629 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
632 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
636 u8 mac_bssid[ETH_ALEN * 2];
640 bssid = dev->wl->bssid;
641 mac = dev->wl->mac_addr;
643 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
645 memcpy(mac_bssid, mac, ETH_ALEN);
646 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
648 /* Write our MAC address and BSSID to template ram */
649 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
650 tmp = (u32) (mac_bssid[i + 0]);
651 tmp |= (u32) (mac_bssid[i + 1]) << 8;
652 tmp |= (u32) (mac_bssid[i + 2]) << 16;
653 tmp |= (u32) (mac_bssid[i + 3]) << 24;
654 b43_ram_write(dev, 0x20 + i, tmp);
658 static void b43_upload_card_macaddress(struct b43_wldev *dev)
660 b43_write_mac_bssid_templates(dev);
661 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
664 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
666 /* slot_time is in usec. */
667 if (dev->phy.type != B43_PHYTYPE_G)
669 b43_write16(dev, 0x684, 510 + slot_time);
670 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
673 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
675 b43_set_slot_time(dev, 9);
678 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
680 b43_set_slot_time(dev, 20);
683 /* Synchronize IRQ top- and bottom-half.
684 * IRQs must be masked before calling this.
685 * This must not be called with the irq_lock held.
687 static void b43_synchronize_irq(struct b43_wldev *dev)
689 synchronize_irq(dev->dev->irq);
690 tasklet_kill(&dev->isr_tasklet);
693 /* DummyTransmission function, as documented on
694 * http://bcm-specs.sipsolutions.net/DummyTransmission
696 void b43_dummy_transmission(struct b43_wldev *dev)
698 struct b43_wl *wl = dev->wl;
699 struct b43_phy *phy = &dev->phy;
700 unsigned int i, max_loop;
713 buffer[0] = 0x000201CC;
718 buffer[0] = 0x000B846E;
725 spin_lock_irq(&wl->irq_lock);
726 write_lock(&wl->tx_lock);
728 for (i = 0; i < 5; i++)
729 b43_ram_write(dev, i * 4, buffer[i]);
732 b43_read32(dev, B43_MMIO_MACCTL);
734 b43_write16(dev, 0x0568, 0x0000);
735 b43_write16(dev, 0x07C0, 0x0000);
736 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
737 b43_write16(dev, 0x050C, value);
738 b43_write16(dev, 0x0508, 0x0000);
739 b43_write16(dev, 0x050A, 0x0000);
740 b43_write16(dev, 0x054C, 0x0000);
741 b43_write16(dev, 0x056A, 0x0014);
742 b43_write16(dev, 0x0568, 0x0826);
743 b43_write16(dev, 0x0500, 0x0000);
744 b43_write16(dev, 0x0502, 0x0030);
746 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
747 b43_radio_write16(dev, 0x0051, 0x0017);
748 for (i = 0x00; i < max_loop; i++) {
749 value = b43_read16(dev, 0x050E);
754 for (i = 0x00; i < 0x0A; i++) {
755 value = b43_read16(dev, 0x050E);
760 for (i = 0x00; i < 0x19; i++) {
761 value = b43_read16(dev, 0x0690);
762 if (!(value & 0x0100))
766 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
767 b43_radio_write16(dev, 0x0051, 0x0037);
769 write_unlock(&wl->tx_lock);
770 spin_unlock_irq(&wl->irq_lock);
773 static void key_write(struct b43_wldev *dev,
774 u8 index, u8 algorithm, const u8 *key)
781 /* Key index/algo block */
782 kidx = b43_kidx_to_fw(dev, index);
783 value = ((kidx << 4) | algorithm);
784 b43_shm_write16(dev, B43_SHM_SHARED,
785 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
787 /* Write the key to the Key Table Pointer offset */
788 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
789 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
791 value |= (u16) (key[i + 1]) << 8;
792 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
796 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
798 u32 addrtmp[2] = { 0, 0, };
799 u8 per_sta_keys_start = 8;
801 if (b43_new_kidx_api(dev))
802 per_sta_keys_start = 4;
804 B43_WARN_ON(index < per_sta_keys_start);
805 /* We have two default TX keys and possibly two default RX keys.
806 * Physical mac 0 is mapped to physical key 4 or 8, depending
807 * on the firmware version.
808 * So we must adjust the index here.
810 index -= per_sta_keys_start;
813 addrtmp[0] = addr[0];
814 addrtmp[0] |= ((u32) (addr[1]) << 8);
815 addrtmp[0] |= ((u32) (addr[2]) << 16);
816 addrtmp[0] |= ((u32) (addr[3]) << 24);
817 addrtmp[1] = addr[4];
818 addrtmp[1] |= ((u32) (addr[5]) << 8);
821 if (dev->dev->id.revision >= 5) {
822 /* Receive match transmitter address mechanism */
823 b43_shm_write32(dev, B43_SHM_RCMTA,
824 (index * 2) + 0, addrtmp[0]);
825 b43_shm_write16(dev, B43_SHM_RCMTA,
826 (index * 2) + 1, addrtmp[1]);
828 /* RXE (Receive Engine) and
829 * PSM (Programmable State Machine) mechanism
832 /* TODO write to RCM 16, 19, 22 and 25 */
834 b43_shm_write32(dev, B43_SHM_SHARED,
835 B43_SHM_SH_PSM + (index * 6) + 0,
837 b43_shm_write16(dev, B43_SHM_SHARED,
838 B43_SHM_SH_PSM + (index * 6) + 4,
844 static void do_key_write(struct b43_wldev *dev,
845 u8 index, u8 algorithm,
846 const u8 *key, size_t key_len, const u8 *mac_addr)
848 u8 buf[B43_SEC_KEYSIZE] = { 0, };
849 u8 per_sta_keys_start = 8;
851 if (b43_new_kidx_api(dev))
852 per_sta_keys_start = 4;
854 B43_WARN_ON(index >= dev->max_nr_keys);
855 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
857 if (index >= per_sta_keys_start)
858 keymac_write(dev, index, NULL); /* First zero out mac. */
860 memcpy(buf, key, key_len);
861 key_write(dev, index, algorithm, buf);
862 if (index >= per_sta_keys_start)
863 keymac_write(dev, index, mac_addr);
865 dev->key[index].algorithm = algorithm;
868 static int b43_key_write(struct b43_wldev *dev,
869 int index, u8 algorithm,
870 const u8 *key, size_t key_len,
872 struct ieee80211_key_conf *keyconf)
877 if (key_len > B43_SEC_KEYSIZE)
879 for (i = 0; i < dev->max_nr_keys; i++) {
880 /* Check that we don't already have this key. */
881 B43_WARN_ON(dev->key[i].keyconf == keyconf);
884 /* Pairwise key. Get an empty slot for the key. */
885 if (b43_new_kidx_api(dev))
889 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
890 if (!dev->key[i].keyconf) {
897 b43warn(dev->wl, "Out of hardware key memory\n");
901 B43_WARN_ON(index > 3);
903 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
904 if ((index <= 3) && !b43_new_kidx_api(dev)) {
906 B43_WARN_ON(mac_addr);
907 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
909 keyconf->hw_key_idx = index;
910 dev->key[index].keyconf = keyconf;
915 static int b43_key_clear(struct b43_wldev *dev, int index)
917 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
919 do_key_write(dev, index, B43_SEC_ALGO_NONE,
920 NULL, B43_SEC_KEYSIZE, NULL);
921 if ((index <= 3) && !b43_new_kidx_api(dev)) {
922 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
923 NULL, B43_SEC_KEYSIZE, NULL);
925 dev->key[index].keyconf = NULL;
930 static void b43_clear_keys(struct b43_wldev *dev)
934 for (i = 0; i < dev->max_nr_keys; i++)
935 b43_key_clear(dev, i);
938 static void b43_dump_keymemory(struct b43_wldev *dev)
940 unsigned int i, index, offset;
948 if (!b43_debug(dev, B43_DBG_KEYS))
951 hf = b43_hf_read(dev);
952 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
953 !!(hf & B43_HF_USEDEFKEYS));
954 for (index = 0; index < dev->max_nr_keys; index++) {
955 key = &(dev->key[index]);
956 printk(KERN_DEBUG "Key slot %02u: %s",
957 index, (key->keyconf == NULL) ? " " : "*");
958 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
959 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
960 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
961 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
964 algo = b43_shm_read16(dev, B43_SHM_SHARED,
965 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
966 printk(" Algo: %04X/%02X", algo, key->algorithm);
969 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
970 ((index - 4) * 2) + 0);
971 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
972 ((index - 4) * 2) + 1);
973 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
974 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
975 printk(" MAC: %pM", mac);
977 printk(" DEFAULT KEY");
982 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
990 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
991 (ps_flags & B43_PS_DISABLED));
992 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
994 if (ps_flags & B43_PS_ENABLED) {
996 } else if (ps_flags & B43_PS_DISABLED) {
999 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1000 // and thus is not an AP and we are associated, set bit 25
1002 if (ps_flags & B43_PS_AWAKE) {
1004 } else if (ps_flags & B43_PS_ASLEEP) {
1007 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1008 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1009 // successful, set bit26
1012 /* FIXME: For now we force awake-on and hwps-off */
1016 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1018 macctl |= B43_MACCTL_HWPS;
1020 macctl &= ~B43_MACCTL_HWPS;
1022 macctl |= B43_MACCTL_AWAKE;
1024 macctl &= ~B43_MACCTL_AWAKE;
1025 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1027 b43_read32(dev, B43_MMIO_MACCTL);
1028 if (awake && dev->dev->id.revision >= 5) {
1029 /* Wait for the microcode to wake up. */
1030 for (i = 0; i < 100; i++) {
1031 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1032 B43_SHM_SH_UCODESTAT);
1033 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1040 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1045 flags |= B43_TMSLOW_PHYCLKEN;
1046 flags |= B43_TMSLOW_PHYRESET;
1047 ssb_device_enable(dev->dev, flags);
1048 msleep(2); /* Wait for the PLL to turn on. */
1050 /* Now take the PHY out of Reset again */
1051 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1052 tmslow |= SSB_TMSLOW_FGC;
1053 tmslow &= ~B43_TMSLOW_PHYRESET;
1054 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1055 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1057 tmslow &= ~SSB_TMSLOW_FGC;
1058 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1059 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1062 /* Turn Analog ON, but only if we already know the PHY-type.
1063 * This protects against very early setup where we don't know the
1064 * PHY-type, yet. wireless_core_reset will be called once again later,
1065 * when we know the PHY-type. */
1067 dev->phy.ops->switch_analog(dev, 1);
1069 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1070 macctl &= ~B43_MACCTL_GMODE;
1071 if (flags & B43_TMSLOW_GMODE)
1072 macctl |= B43_MACCTL_GMODE;
1073 macctl |= B43_MACCTL_IHR_ENABLED;
1074 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1077 static void handle_irq_transmit_status(struct b43_wldev *dev)
1081 struct b43_txstatus stat;
1084 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1085 if (!(v0 & 0x00000001))
1087 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1089 stat.cookie = (v0 >> 16);
1090 stat.seq = (v1 & 0x0000FFFF);
1091 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1092 tmp = (v0 & 0x0000FFFF);
1093 stat.frame_count = ((tmp & 0xF000) >> 12);
1094 stat.rts_count = ((tmp & 0x0F00) >> 8);
1095 stat.supp_reason = ((tmp & 0x001C) >> 2);
1096 stat.pm_indicated = !!(tmp & 0x0080);
1097 stat.intermediate = !!(tmp & 0x0040);
1098 stat.for_ampdu = !!(tmp & 0x0020);
1099 stat.acked = !!(tmp & 0x0002);
1101 b43_handle_txstatus(dev, &stat);
1105 static void drain_txstatus_queue(struct b43_wldev *dev)
1109 if (dev->dev->id.revision < 5)
1111 /* Read all entries from the microcode TXstatus FIFO
1112 * and throw them away.
1115 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1116 if (!(dummy & 0x00000001))
1118 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1122 static u32 b43_jssi_read(struct b43_wldev *dev)
1126 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1128 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1133 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1135 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1136 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1139 static void b43_generate_noise_sample(struct b43_wldev *dev)
1141 b43_jssi_write(dev, 0x7F7F7F7F);
1142 b43_write32(dev, B43_MMIO_MACCMD,
1143 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1146 static void b43_calculate_link_quality(struct b43_wldev *dev)
1148 /* Top half of Link Quality calculation. */
1150 if (dev->phy.type != B43_PHYTYPE_G)
1152 if (dev->noisecalc.calculation_running)
1154 dev->noisecalc.calculation_running = 1;
1155 dev->noisecalc.nr_samples = 0;
1157 b43_generate_noise_sample(dev);
1160 static void handle_irq_noise(struct b43_wldev *dev)
1162 struct b43_phy_g *phy = dev->phy.g;
1168 /* Bottom half of Link Quality calculation. */
1170 if (dev->phy.type != B43_PHYTYPE_G)
1173 /* Possible race condition: It might be possible that the user
1174 * changed to a different channel in the meantime since we
1175 * started the calculation. We ignore that fact, since it's
1176 * not really that much of a problem. The background noise is
1177 * an estimation only anyway. Slightly wrong results will get damped
1178 * by the averaging of the 8 sample rounds. Additionally the
1179 * value is shortlived. So it will be replaced by the next noise
1180 * calculation round soon. */
1182 B43_WARN_ON(!dev->noisecalc.calculation_running);
1183 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1184 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1185 noise[2] == 0x7F || noise[3] == 0x7F)
1188 /* Get the noise samples. */
1189 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1190 i = dev->noisecalc.nr_samples;
1191 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1192 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1193 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1194 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1195 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1196 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1197 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1198 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1199 dev->noisecalc.nr_samples++;
1200 if (dev->noisecalc.nr_samples == 8) {
1201 /* Calculate the Link Quality by the noise samples. */
1203 for (i = 0; i < 8; i++) {
1204 for (j = 0; j < 4; j++)
1205 average += dev->noisecalc.samples[i][j];
1211 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1212 tmp = (tmp / 128) & 0x1F;
1222 dev->stats.link_noise = average;
1223 dev->noisecalc.calculation_running = 0;
1227 b43_generate_noise_sample(dev);
1230 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1232 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1235 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1236 b43_power_saving_ctl_bits(dev, 0);
1238 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1242 static void handle_irq_atim_end(struct b43_wldev *dev)
1244 if (dev->dfq_valid) {
1245 b43_write32(dev, B43_MMIO_MACCMD,
1246 b43_read32(dev, B43_MMIO_MACCMD)
1247 | B43_MACCMD_DFQ_VALID);
1252 static void handle_irq_pmq(struct b43_wldev *dev)
1259 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1260 if (!(tmp & 0x00000008))
1263 /* 16bit write is odd, but correct. */
1264 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1267 static void b43_write_template_common(struct b43_wldev *dev,
1268 const u8 *data, u16 size,
1270 u16 shm_size_offset, u8 rate)
1273 struct b43_plcp_hdr4 plcp;
1276 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1277 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1278 ram_offset += sizeof(u32);
1279 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1280 * So leave the first two bytes of the next write blank.
1282 tmp = (u32) (data[0]) << 16;
1283 tmp |= (u32) (data[1]) << 24;
1284 b43_ram_write(dev, ram_offset, tmp);
1285 ram_offset += sizeof(u32);
1286 for (i = 2; i < size; i += sizeof(u32)) {
1287 tmp = (u32) (data[i + 0]);
1289 tmp |= (u32) (data[i + 1]) << 8;
1291 tmp |= (u32) (data[i + 2]) << 16;
1293 tmp |= (u32) (data[i + 3]) << 24;
1294 b43_ram_write(dev, ram_offset + i - 2, tmp);
1296 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1297 size + sizeof(struct b43_plcp_hdr6));
1300 /* Check if the use of the antenna that ieee80211 told us to
1301 * use is possible. This will fall back to DEFAULT.
1302 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1303 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1308 if (antenna_nr == 0) {
1309 /* Zero means "use default antenna". That's always OK. */
1313 /* Get the mask of available antennas. */
1315 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1317 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1319 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1320 /* This antenna is not available. Fall back to default. */
1327 /* Convert a b43 antenna number value to the PHY TX control value. */
1328 static u16 b43_antenna_to_phyctl(int antenna)
1332 return B43_TXH_PHY_ANT0;
1334 return B43_TXH_PHY_ANT1;
1336 return B43_TXH_PHY_ANT2;
1338 return B43_TXH_PHY_ANT3;
1339 case B43_ANTENNA_AUTO:
1340 return B43_TXH_PHY_ANT01AUTO;
1346 static void b43_write_beacon_template(struct b43_wldev *dev,
1348 u16 shm_size_offset)
1350 unsigned int i, len, variable_len;
1351 const struct ieee80211_mgmt *bcn;
1357 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1359 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1360 len = min((size_t) dev->wl->current_beacon->len,
1361 0x200 - sizeof(struct b43_plcp_hdr6));
1362 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1364 b43_write_template_common(dev, (const u8 *)bcn,
1365 len, ram_offset, shm_size_offset, rate);
1367 /* Write the PHY TX control parameters. */
1368 antenna = B43_ANTENNA_DEFAULT;
1369 antenna = b43_antenna_to_phyctl(antenna);
1370 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1371 /* We can't send beacons with short preamble. Would get PHY errors. */
1372 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1373 ctl &= ~B43_TXH_PHY_ANT;
1374 ctl &= ~B43_TXH_PHY_ENC;
1376 if (b43_is_cck_rate(rate))
1377 ctl |= B43_TXH_PHY_ENC_CCK;
1379 ctl |= B43_TXH_PHY_ENC_OFDM;
1380 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1382 /* Find the position of the TIM and the DTIM_period value
1383 * and write them to SHM. */
1384 ie = bcn->u.beacon.variable;
1385 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1386 for (i = 0; i < variable_len - 2; ) {
1387 uint8_t ie_id, ie_len;
1394 /* This is the TIM Information Element */
1396 /* Check whether the ie_len is in the beacon data range. */
1397 if (variable_len < ie_len + 2 + i)
1399 /* A valid TIM is at least 4 bytes long. */
1404 tim_position = sizeof(struct b43_plcp_hdr6);
1405 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1408 dtim_period = ie[i + 3];
1410 b43_shm_write16(dev, B43_SHM_SHARED,
1411 B43_SHM_SH_TIMBPOS, tim_position);
1412 b43_shm_write16(dev, B43_SHM_SHARED,
1413 B43_SHM_SH_DTIMPER, dtim_period);
1420 * If ucode wants to modify TIM do it behind the beacon, this
1421 * will happen, for example, when doing mesh networking.
1423 b43_shm_write16(dev, B43_SHM_SHARED,
1425 len + sizeof(struct b43_plcp_hdr6));
1426 b43_shm_write16(dev, B43_SHM_SHARED,
1427 B43_SHM_SH_DTIMPER, 0);
1429 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1432 static void b43_upload_beacon0(struct b43_wldev *dev)
1434 struct b43_wl *wl = dev->wl;
1436 if (wl->beacon0_uploaded)
1438 b43_write_beacon_template(dev, 0x68, 0x18);
1439 wl->beacon0_uploaded = 1;
1442 static void b43_upload_beacon1(struct b43_wldev *dev)
1444 struct b43_wl *wl = dev->wl;
1446 if (wl->beacon1_uploaded)
1448 b43_write_beacon_template(dev, 0x468, 0x1A);
1449 wl->beacon1_uploaded = 1;
1452 static void handle_irq_beacon(struct b43_wldev *dev)
1454 struct b43_wl *wl = dev->wl;
1455 u32 cmd, beacon0_valid, beacon1_valid;
1457 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1458 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1461 /* This is the bottom half of the asynchronous beacon update. */
1463 /* Ignore interrupt in the future. */
1464 dev->irq_mask &= ~B43_IRQ_BEACON;
1466 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1467 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1468 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1470 /* Schedule interrupt manually, if busy. */
1471 if (beacon0_valid && beacon1_valid) {
1472 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1473 dev->irq_mask |= B43_IRQ_BEACON;
1477 if (unlikely(wl->beacon_templates_virgin)) {
1478 /* We never uploaded a beacon before.
1479 * Upload both templates now, but only mark one valid. */
1480 wl->beacon_templates_virgin = 0;
1481 b43_upload_beacon0(dev);
1482 b43_upload_beacon1(dev);
1483 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1484 cmd |= B43_MACCMD_BEACON0_VALID;
1485 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1487 if (!beacon0_valid) {
1488 b43_upload_beacon0(dev);
1489 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1490 cmd |= B43_MACCMD_BEACON0_VALID;
1491 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1492 } else if (!beacon1_valid) {
1493 b43_upload_beacon1(dev);
1494 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1495 cmd |= B43_MACCMD_BEACON1_VALID;
1496 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1501 static void b43_beacon_update_trigger_work(struct work_struct *work)
1503 struct b43_wl *wl = container_of(work, struct b43_wl,
1504 beacon_update_trigger);
1505 struct b43_wldev *dev;
1507 mutex_lock(&wl->mutex);
1508 dev = wl->current_dev;
1509 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1510 spin_lock_irq(&wl->irq_lock);
1511 /* update beacon right away or defer to irq */
1512 handle_irq_beacon(dev);
1513 /* The handler might have updated the IRQ mask. */
1514 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1516 spin_unlock_irq(&wl->irq_lock);
1518 mutex_unlock(&wl->mutex);
1521 /* Asynchronously update the packet templates in template RAM.
1522 * Locking: Requires wl->irq_lock to be locked. */
1523 static void b43_update_templates(struct b43_wl *wl)
1525 struct sk_buff *beacon;
1527 /* This is the top half of the ansynchronous beacon update.
1528 * The bottom half is the beacon IRQ.
1529 * Beacon update must be asynchronous to avoid sending an
1530 * invalid beacon. This can happen for example, if the firmware
1531 * transmits a beacon while we are updating it. */
1533 /* We could modify the existing beacon and set the aid bit in
1534 * the TIM field, but that would probably require resizing and
1535 * moving of data within the beacon template.
1536 * Simply request a new beacon and let mac80211 do the hard work. */
1537 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1538 if (unlikely(!beacon))
1541 if (wl->current_beacon)
1542 dev_kfree_skb_any(wl->current_beacon);
1543 wl->current_beacon = beacon;
1544 wl->beacon0_uploaded = 0;
1545 wl->beacon1_uploaded = 0;
1546 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1549 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1552 if (dev->dev->id.revision >= 3) {
1553 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1554 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1556 b43_write16(dev, 0x606, (beacon_int >> 6));
1557 b43_write16(dev, 0x610, beacon_int);
1559 b43_time_unlock(dev);
1560 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1563 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1567 /* Read the register that contains the reason code for the panic. */
1568 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1569 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1573 b43dbg(dev->wl, "The panic reason is unknown.\n");
1575 case B43_FWPANIC_DIE:
1576 /* Do not restart the controller or firmware.
1577 * The device is nonfunctional from now on.
1578 * Restarting would result in this panic to trigger again,
1579 * so we avoid that recursion. */
1581 case B43_FWPANIC_RESTART:
1582 b43_controller_restart(dev, "Microcode panic");
1587 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1589 unsigned int i, cnt;
1590 u16 reason, marker_id, marker_line;
1593 /* The proprietary firmware doesn't have this IRQ. */
1594 if (!dev->fw.opensource)
1597 /* Read the register that contains the reason code for this IRQ. */
1598 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1601 case B43_DEBUGIRQ_PANIC:
1602 b43_handle_firmware_panic(dev);
1604 case B43_DEBUGIRQ_DUMP_SHM:
1606 break; /* Only with driver debugging enabled. */
1607 buf = kmalloc(4096, GFP_ATOMIC);
1609 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1612 for (i = 0; i < 4096; i += 2) {
1613 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1614 buf[i / 2] = cpu_to_le16(tmp);
1616 b43info(dev->wl, "Shared memory dump:\n");
1617 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1618 16, 2, buf, 4096, 1);
1621 case B43_DEBUGIRQ_DUMP_REGS:
1623 break; /* Only with driver debugging enabled. */
1624 b43info(dev->wl, "Microcode register dump:\n");
1625 for (i = 0, cnt = 0; i < 64; i++) {
1626 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1629 printk("r%02u: 0x%04X ", i, tmp);
1638 case B43_DEBUGIRQ_MARKER:
1640 break; /* Only with driver debugging enabled. */
1641 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1643 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1644 B43_MARKER_LINE_REG);
1645 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1646 "at line number %u\n",
1647 marker_id, marker_line);
1650 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1654 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1655 b43_shm_write16(dev, B43_SHM_SCRATCH,
1656 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1659 /* Interrupt handler bottom-half */
1660 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1663 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1664 u32 merged_dma_reason = 0;
1666 unsigned long flags;
1668 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1670 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1672 reason = dev->irq_reason;
1673 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1674 dma_reason[i] = dev->dma_reason[i];
1675 merged_dma_reason |= dma_reason[i];
1678 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1679 b43err(dev->wl, "MAC transmission error\n");
1681 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1682 b43err(dev->wl, "PHY transmission error\n");
1684 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1685 atomic_set(&dev->phy.txerr_cnt,
1686 B43_PHY_TX_BADNESS_LIMIT);
1687 b43err(dev->wl, "Too many PHY TX errors, "
1688 "restarting the controller\n");
1689 b43_controller_restart(dev, "PHY TX errors");
1693 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1694 B43_DMAIRQ_NONFATALMASK))) {
1695 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1696 b43err(dev->wl, "Fatal DMA error: "
1697 "0x%08X, 0x%08X, 0x%08X, "
1698 "0x%08X, 0x%08X, 0x%08X\n",
1699 dma_reason[0], dma_reason[1],
1700 dma_reason[2], dma_reason[3],
1701 dma_reason[4], dma_reason[5]);
1702 b43_controller_restart(dev, "DMA error");
1704 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1707 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1708 b43err(dev->wl, "DMA error: "
1709 "0x%08X, 0x%08X, 0x%08X, "
1710 "0x%08X, 0x%08X, 0x%08X\n",
1711 dma_reason[0], dma_reason[1],
1712 dma_reason[2], dma_reason[3],
1713 dma_reason[4], dma_reason[5]);
1717 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1718 handle_irq_ucode_debug(dev);
1719 if (reason & B43_IRQ_TBTT_INDI)
1720 handle_irq_tbtt_indication(dev);
1721 if (reason & B43_IRQ_ATIM_END)
1722 handle_irq_atim_end(dev);
1723 if (reason & B43_IRQ_BEACON)
1724 handle_irq_beacon(dev);
1725 if (reason & B43_IRQ_PMQ)
1726 handle_irq_pmq(dev);
1727 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1729 if (reason & B43_IRQ_NOISESAMPLE_OK)
1730 handle_irq_noise(dev);
1732 /* Check the DMA reason registers for received data. */
1733 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1734 if (b43_using_pio_transfers(dev))
1735 b43_pio_rx(dev->pio.rx_queue);
1737 b43_dma_rx(dev->dma.rx_ring);
1739 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1740 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1741 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1742 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1743 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1745 if (reason & B43_IRQ_TX_OK)
1746 handle_irq_transmit_status(dev);
1748 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1750 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1753 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1755 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1757 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1758 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1759 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1760 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1761 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1763 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1767 /* Interrupt handler top-half */
1768 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1770 irqreturn_t ret = IRQ_NONE;
1771 struct b43_wldev *dev = dev_id;
1776 spin_lock(&dev->wl->irq_lock);
1778 if (unlikely(b43_status(dev) < B43_STAT_STARTED)) {
1779 /* This can only happen on shared IRQ lines. */
1782 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1783 if (reason == 0xffffffff) /* shared IRQ */
1786 reason &= dev->irq_mask;
1790 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1792 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1794 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1796 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1798 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1801 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1805 b43_interrupt_ack(dev, reason);
1806 /* disable all IRQs. They are enabled again in the bottom half. */
1807 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1808 /* save the reason code and call our bottom half. */
1809 dev->irq_reason = reason;
1810 tasklet_schedule(&dev->isr_tasklet);
1813 spin_unlock(&dev->wl->irq_lock);
1818 void b43_do_release_fw(struct b43_firmware_file *fw)
1820 release_firmware(fw->data);
1822 fw->filename = NULL;
1825 static void b43_release_firmware(struct b43_wldev *dev)
1827 b43_do_release_fw(&dev->fw.ucode);
1828 b43_do_release_fw(&dev->fw.pcm);
1829 b43_do_release_fw(&dev->fw.initvals);
1830 b43_do_release_fw(&dev->fw.initvals_band);
1833 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1837 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1838 "and download the correct firmware for this driver version. " \
1839 "Please carefully read all instructions on this website.\n";
1847 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1849 struct b43_firmware_file *fw)
1851 const struct firmware *blob;
1852 struct b43_fw_header *hdr;
1857 /* Don't fetch anything. Free possibly cached firmware. */
1858 /* FIXME: We should probably keep it anyway, to save some headache
1859 * on suspend/resume with multiband devices. */
1860 b43_do_release_fw(fw);
1864 if ((fw->type == ctx->req_type) &&
1865 (strcmp(fw->filename, name) == 0))
1866 return 0; /* Already have this fw. */
1867 /* Free the cached firmware first. */
1868 /* FIXME: We should probably do this later after we successfully
1869 * got the new fw. This could reduce headache with multiband devices.
1870 * We could also redesign this to cache the firmware for all possible
1871 * bands all the time. */
1872 b43_do_release_fw(fw);
1875 switch (ctx->req_type) {
1876 case B43_FWTYPE_PROPRIETARY:
1877 snprintf(ctx->fwname, sizeof(ctx->fwname),
1879 modparam_fwpostfix, name);
1881 case B43_FWTYPE_OPENSOURCE:
1882 snprintf(ctx->fwname, sizeof(ctx->fwname),
1884 modparam_fwpostfix, name);
1890 err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
1891 if (err == -ENOENT) {
1892 snprintf(ctx->errors[ctx->req_type],
1893 sizeof(ctx->errors[ctx->req_type]),
1894 "Firmware file \"%s\" not found\n", ctx->fwname);
1897 snprintf(ctx->errors[ctx->req_type],
1898 sizeof(ctx->errors[ctx->req_type]),
1899 "Firmware file \"%s\" request failed (err=%d)\n",
1903 if (blob->size < sizeof(struct b43_fw_header))
1905 hdr = (struct b43_fw_header *)(blob->data);
1906 switch (hdr->type) {
1907 case B43_FW_TYPE_UCODE:
1908 case B43_FW_TYPE_PCM:
1909 size = be32_to_cpu(hdr->size);
1910 if (size != blob->size - sizeof(struct b43_fw_header))
1913 case B43_FW_TYPE_IV:
1922 fw->filename = name;
1923 fw->type = ctx->req_type;
1928 snprintf(ctx->errors[ctx->req_type],
1929 sizeof(ctx->errors[ctx->req_type]),
1930 "Firmware file \"%s\" format error.\n", ctx->fwname);
1931 release_firmware(blob);
1936 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
1938 struct b43_wldev *dev = ctx->dev;
1939 struct b43_firmware *fw = &ctx->dev->fw;
1940 const u8 rev = ctx->dev->dev->id.revision;
1941 const char *filename;
1946 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
1947 if ((rev >= 5) && (rev <= 10))
1948 filename = "ucode5";
1949 else if ((rev >= 11) && (rev <= 12))
1950 filename = "ucode11";
1952 filename = "ucode13";
1955 err = b43_do_request_fw(ctx, filename, &fw->ucode);
1960 if ((rev >= 5) && (rev <= 10))
1966 fw->pcm_request_failed = 0;
1967 err = b43_do_request_fw(ctx, filename, &fw->pcm);
1968 if (err == -ENOENT) {
1969 /* We did not find a PCM file? Not fatal, but
1970 * core rev <= 10 must do without hwcrypto then. */
1971 fw->pcm_request_failed = 1;
1976 switch (dev->phy.type) {
1978 if ((rev >= 5) && (rev <= 10)) {
1979 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1980 filename = "a0g1initvals5";
1982 filename = "a0g0initvals5";
1984 goto err_no_initvals;
1987 if ((rev >= 5) && (rev <= 10))
1988 filename = "b0g0initvals5";
1990 filename = "b0g0initvals13";
1992 goto err_no_initvals;
1995 if ((rev >= 11) && (rev <= 12))
1996 filename = "n0initvals11";
1998 goto err_no_initvals;
2001 goto err_no_initvals;
2003 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2007 /* Get bandswitch initvals */
2008 switch (dev->phy.type) {
2010 if ((rev >= 5) && (rev <= 10)) {
2011 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2012 filename = "a0g1bsinitvals5";
2014 filename = "a0g0bsinitvals5";
2015 } else if (rev >= 11)
2018 goto err_no_initvals;
2021 if ((rev >= 5) && (rev <= 10))
2022 filename = "b0g0bsinitvals5";
2026 goto err_no_initvals;
2029 if ((rev >= 11) && (rev <= 12))
2030 filename = "n0bsinitvals11";
2032 goto err_no_initvals;
2035 goto err_no_initvals;
2037 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2044 err = ctx->fatal_failure = -EOPNOTSUPP;
2045 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2046 "is required for your device (wl-core rev %u)\n", rev);
2050 err = ctx->fatal_failure = -EOPNOTSUPP;
2051 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2052 "is required for your device (wl-core rev %u)\n", rev);
2056 err = ctx->fatal_failure = -EOPNOTSUPP;
2057 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2058 "is required for your device (wl-core rev %u)\n", rev);
2062 /* We failed to load this firmware image. The error message
2063 * already is in ctx->errors. Return and let our caller decide
2068 b43_release_firmware(dev);
2072 static int b43_request_firmware(struct b43_wldev *dev)
2074 struct b43_request_fw_context *ctx;
2079 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2084 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2085 err = b43_try_request_fw(ctx);
2087 goto out; /* Successfully loaded it. */
2088 err = ctx->fatal_failure;
2092 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2093 err = b43_try_request_fw(ctx);
2095 goto out; /* Successfully loaded it. */
2096 err = ctx->fatal_failure;
2100 /* Could not find a usable firmware. Print the errors. */
2101 for (i = 0; i < B43_NR_FWTYPES; i++) {
2102 errmsg = ctx->errors[i];
2104 b43err(dev->wl, errmsg);
2106 b43_print_fw_helptext(dev->wl, 1);
2114 static int b43_upload_microcode(struct b43_wldev *dev)
2116 const size_t hdr_len = sizeof(struct b43_fw_header);
2118 unsigned int i, len;
2119 u16 fwrev, fwpatch, fwdate, fwtime;
2123 /* Jump the microcode PSM to offset 0 */
2124 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2125 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2126 macctl |= B43_MACCTL_PSM_JMP0;
2127 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2128 /* Zero out all microcode PSM registers and shared memory. */
2129 for (i = 0; i < 64; i++)
2130 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2131 for (i = 0; i < 4096; i += 2)
2132 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2134 /* Upload Microcode. */
2135 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2136 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2137 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2138 for (i = 0; i < len; i++) {
2139 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2143 if (dev->fw.pcm.data) {
2144 /* Upload PCM data. */
2145 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2146 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2147 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2148 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2149 /* No need for autoinc bit in SHM_HW */
2150 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2151 for (i = 0; i < len; i++) {
2152 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2157 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2159 /* Start the microcode PSM */
2160 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2161 macctl &= ~B43_MACCTL_PSM_JMP0;
2162 macctl |= B43_MACCTL_PSM_RUN;
2163 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2165 /* Wait for the microcode to load and respond */
2168 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2169 if (tmp == B43_IRQ_MAC_SUSPENDED)
2173 b43err(dev->wl, "Microcode not responding\n");
2174 b43_print_fw_helptext(dev->wl, 1);
2178 msleep_interruptible(50);
2179 if (signal_pending(current)) {
2184 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2186 /* Get and check the revisions. */
2187 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2188 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2189 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2190 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2192 if (fwrev <= 0x128) {
2193 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2194 "binary drivers older than version 4.x is unsupported. "
2195 "You must upgrade your firmware files.\n");
2196 b43_print_fw_helptext(dev->wl, 1);
2200 dev->fw.rev = fwrev;
2201 dev->fw.patch = fwpatch;
2202 dev->fw.opensource = (fwdate == 0xFFFF);
2204 /* Default to use-all-queues. */
2205 dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2206 dev->qos_enabled = !!modparam_qos;
2207 /* Default to firmware/hardware crypto acceleration. */
2208 dev->hwcrypto_enabled = 1;
2210 if (dev->fw.opensource) {
2213 /* Patchlevel info is encoded in the "time" field. */
2214 dev->fw.patch = fwtime;
2215 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2216 dev->fw.rev, dev->fw.patch);
2218 fwcapa = b43_fwcapa_read(dev);
2219 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2220 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2221 /* Disable hardware crypto and fall back to software crypto. */
2222 dev->hwcrypto_enabled = 0;
2224 if (!(fwcapa & B43_FWCAPA_QOS)) {
2225 b43info(dev->wl, "QoS not supported by firmware\n");
2226 /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2227 * ieee80211_unregister to make sure the networking core can
2228 * properly free possible resources. */
2229 dev->wl->hw->queues = 1;
2230 dev->qos_enabled = 0;
2233 b43info(dev->wl, "Loading firmware version %u.%u "
2234 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2236 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2237 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2238 if (dev->fw.pcm_request_failed) {
2239 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2240 "Hardware accelerated cryptography is disabled.\n");
2241 b43_print_fw_helptext(dev->wl, 0);
2245 if (b43_is_old_txhdr_format(dev)) {
2246 /* We're over the deadline, but we keep support for old fw
2247 * until it turns out to be in major conflict with something new. */
2248 b43warn(dev->wl, "You are using an old firmware image. "
2249 "Support for old firmware will be removed soon "
2250 "(official deadline was July 2008).\n");
2251 b43_print_fw_helptext(dev->wl, 0);
2257 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2258 macctl &= ~B43_MACCTL_PSM_RUN;
2259 macctl |= B43_MACCTL_PSM_JMP0;
2260 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2265 static int b43_write_initvals(struct b43_wldev *dev,
2266 const struct b43_iv *ivals,
2270 const struct b43_iv *iv;
2275 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2277 for (i = 0; i < count; i++) {
2278 if (array_size < sizeof(iv->offset_size))
2280 array_size -= sizeof(iv->offset_size);
2281 offset = be16_to_cpu(iv->offset_size);
2282 bit32 = !!(offset & B43_IV_32BIT);
2283 offset &= B43_IV_OFFSET_MASK;
2284 if (offset >= 0x1000)
2289 if (array_size < sizeof(iv->data.d32))
2291 array_size -= sizeof(iv->data.d32);
2293 value = get_unaligned_be32(&iv->data.d32);
2294 b43_write32(dev, offset, value);
2296 iv = (const struct b43_iv *)((const uint8_t *)iv +
2302 if (array_size < sizeof(iv->data.d16))
2304 array_size -= sizeof(iv->data.d16);
2306 value = be16_to_cpu(iv->data.d16);
2307 b43_write16(dev, offset, value);
2309 iv = (const struct b43_iv *)((const uint8_t *)iv +
2320 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2321 b43_print_fw_helptext(dev->wl, 1);
2326 static int b43_upload_initvals(struct b43_wldev *dev)
2328 const size_t hdr_len = sizeof(struct b43_fw_header);
2329 const struct b43_fw_header *hdr;
2330 struct b43_firmware *fw = &dev->fw;
2331 const struct b43_iv *ivals;
2335 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2336 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2337 count = be32_to_cpu(hdr->size);
2338 err = b43_write_initvals(dev, ivals, count,
2339 fw->initvals.data->size - hdr_len);
2342 if (fw->initvals_band.data) {
2343 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2344 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2345 count = be32_to_cpu(hdr->size);
2346 err = b43_write_initvals(dev, ivals, count,
2347 fw->initvals_band.data->size - hdr_len);
2356 /* Initialize the GPIOs
2357 * http://bcm-specs.sipsolutions.net/GPIO
2359 static int b43_gpio_init(struct b43_wldev *dev)
2361 struct ssb_bus *bus = dev->dev->bus;
2362 struct ssb_device *gpiodev, *pcidev = NULL;
2365 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2366 & ~B43_MACCTL_GPOUTSMSK);
2368 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2373 if (dev->dev->bus->chip_id == 0x4301) {
2377 if (0 /* FIXME: conditional unknown */ ) {
2378 b43_write16(dev, B43_MMIO_GPIO_MASK,
2379 b43_read16(dev, B43_MMIO_GPIO_MASK)
2384 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2385 b43_write16(dev, B43_MMIO_GPIO_MASK,
2386 b43_read16(dev, B43_MMIO_GPIO_MASK)
2391 if (dev->dev->id.revision >= 2)
2392 mask |= 0x0010; /* FIXME: This is redundant. */
2394 #ifdef CONFIG_SSB_DRIVER_PCICORE
2395 pcidev = bus->pcicore.dev;
2397 gpiodev = bus->chipco.dev ? : pcidev;
2400 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2401 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2407 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2408 static void b43_gpio_cleanup(struct b43_wldev *dev)
2410 struct ssb_bus *bus = dev->dev->bus;
2411 struct ssb_device *gpiodev, *pcidev = NULL;
2413 #ifdef CONFIG_SSB_DRIVER_PCICORE
2414 pcidev = bus->pcicore.dev;
2416 gpiodev = bus->chipco.dev ? : pcidev;
2419 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2422 /* http://bcm-specs.sipsolutions.net/EnableMac */
2423 void b43_mac_enable(struct b43_wldev *dev)
2425 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2428 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2429 B43_SHM_SH_UCODESTAT);
2430 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2431 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2432 b43err(dev->wl, "b43_mac_enable(): The firmware "
2433 "should be suspended, but current state is %u\n",
2438 dev->mac_suspended--;
2439 B43_WARN_ON(dev->mac_suspended < 0);
2440 if (dev->mac_suspended == 0) {
2441 b43_write32(dev, B43_MMIO_MACCTL,
2442 b43_read32(dev, B43_MMIO_MACCTL)
2443 | B43_MACCTL_ENABLED);
2444 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2445 B43_IRQ_MAC_SUSPENDED);
2447 b43_read32(dev, B43_MMIO_MACCTL);
2448 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2449 b43_power_saving_ctl_bits(dev, 0);
2453 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2454 void b43_mac_suspend(struct b43_wldev *dev)
2460 B43_WARN_ON(dev->mac_suspended < 0);
2462 if (dev->mac_suspended == 0) {
2463 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2464 b43_write32(dev, B43_MMIO_MACCTL,
2465 b43_read32(dev, B43_MMIO_MACCTL)
2466 & ~B43_MACCTL_ENABLED);
2467 /* force pci to flush the write */
2468 b43_read32(dev, B43_MMIO_MACCTL);
2469 for (i = 35; i; i--) {
2470 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2471 if (tmp & B43_IRQ_MAC_SUSPENDED)
2475 /* Hm, it seems this will take some time. Use msleep(). */
2476 for (i = 40; i; i--) {
2477 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2478 if (tmp & B43_IRQ_MAC_SUSPENDED)
2482 b43err(dev->wl, "MAC suspend failed\n");
2485 dev->mac_suspended++;
2488 static void b43_adjust_opmode(struct b43_wldev *dev)
2490 struct b43_wl *wl = dev->wl;
2494 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2495 /* Reset status to STA infrastructure mode. */
2496 ctl &= ~B43_MACCTL_AP;
2497 ctl &= ~B43_MACCTL_KEEP_CTL;
2498 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2499 ctl &= ~B43_MACCTL_KEEP_BAD;
2500 ctl &= ~B43_MACCTL_PROMISC;
2501 ctl &= ~B43_MACCTL_BEACPROMISC;
2502 ctl |= B43_MACCTL_INFRA;
2504 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2505 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2506 ctl |= B43_MACCTL_AP;
2507 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2508 ctl &= ~B43_MACCTL_INFRA;
2510 if (wl->filter_flags & FIF_CONTROL)
2511 ctl |= B43_MACCTL_KEEP_CTL;
2512 if (wl->filter_flags & FIF_FCSFAIL)
2513 ctl |= B43_MACCTL_KEEP_BAD;
2514 if (wl->filter_flags & FIF_PLCPFAIL)
2515 ctl |= B43_MACCTL_KEEP_BADPLCP;
2516 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2517 ctl |= B43_MACCTL_PROMISC;
2518 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2519 ctl |= B43_MACCTL_BEACPROMISC;
2521 /* Workaround: On old hardware the HW-MAC-address-filter
2522 * doesn't work properly, so always run promisc in filter
2523 * it in software. */
2524 if (dev->dev->id.revision <= 4)
2525 ctl |= B43_MACCTL_PROMISC;
2527 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2530 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2531 if (dev->dev->bus->chip_id == 0x4306 &&
2532 dev->dev->bus->chip_rev == 3)
2537 b43_write16(dev, 0x612, cfp_pretbtt);
2540 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2546 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2549 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2551 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2552 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2555 static void b43_rate_memory_init(struct b43_wldev *dev)
2557 switch (dev->phy.type) {
2561 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2562 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2563 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2564 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2565 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2566 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2567 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2568 if (dev->phy.type == B43_PHYTYPE_A)
2572 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2573 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2574 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2575 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2582 /* Set the default values for the PHY TX Control Words. */
2583 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2587 ctl |= B43_TXH_PHY_ENC_CCK;
2588 ctl |= B43_TXH_PHY_ANT01AUTO;
2589 ctl |= B43_TXH_PHY_TXPWR;
2591 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2592 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2593 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2596 /* Set the TX-Antenna for management frames sent by firmware. */
2597 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2602 ant = b43_antenna_to_phyctl(antenna);
2605 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2606 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2607 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2608 /* For Probe Resposes */
2609 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2610 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2611 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2614 /* This is the opposite of b43_chip_init() */
2615 static void b43_chip_exit(struct b43_wldev *dev)
2618 b43_gpio_cleanup(dev);
2619 /* firmware is released later */
2622 /* Initialize the chip
2623 * http://bcm-specs.sipsolutions.net/ChipInit
2625 static int b43_chip_init(struct b43_wldev *dev)
2627 struct b43_phy *phy = &dev->phy;
2629 u32 value32, macctl;
2632 /* Initialize the MAC control */
2633 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2635 macctl |= B43_MACCTL_GMODE;
2636 macctl |= B43_MACCTL_INFRA;
2637 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2639 err = b43_request_firmware(dev);
2642 err = b43_upload_microcode(dev);
2644 goto out; /* firmware is released later */
2646 err = b43_gpio_init(dev);
2648 goto out; /* firmware is released later */
2650 err = b43_upload_initvals(dev);
2652 goto err_gpio_clean;
2654 /* Turn the Analog on and initialize the PHY. */
2655 phy->ops->switch_analog(dev, 1);
2656 err = b43_phy_init(dev);
2658 goto err_gpio_clean;
2660 /* Disable Interference Mitigation. */
2661 if (phy->ops->interf_mitigation)
2662 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2664 /* Select the antennae */
2665 if (phy->ops->set_rx_antenna)
2666 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2667 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2669 if (phy->type == B43_PHYTYPE_B) {
2670 value16 = b43_read16(dev, 0x005E);
2672 b43_write16(dev, 0x005E, value16);
2674 b43_write32(dev, 0x0100, 0x01000000);
2675 if (dev->dev->id.revision < 5)
2676 b43_write32(dev, 0x010C, 0x01000000);
2678 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2679 & ~B43_MACCTL_INFRA);
2680 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2681 | B43_MACCTL_INFRA);
2683 /* Probe Response Timeout value */
2684 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2685 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2687 /* Initially set the wireless operation mode. */
2688 b43_adjust_opmode(dev);
2690 if (dev->dev->id.revision < 3) {
2691 b43_write16(dev, 0x060E, 0x0000);
2692 b43_write16(dev, 0x0610, 0x8000);
2693 b43_write16(dev, 0x0604, 0x0000);
2694 b43_write16(dev, 0x0606, 0x0200);
2696 b43_write32(dev, 0x0188, 0x80000000);
2697 b43_write32(dev, 0x018C, 0x02000000);
2699 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2700 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2701 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2702 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2703 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2704 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2705 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2707 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2708 value32 |= 0x00100000;
2709 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2711 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2712 dev->dev->bus->chipco.fast_pwrup_delay);
2715 b43dbg(dev->wl, "Chip initialized\n");
2720 b43_gpio_cleanup(dev);
2724 static void b43_periodic_every60sec(struct b43_wldev *dev)
2726 const struct b43_phy_operations *ops = dev->phy.ops;
2728 if (ops->pwork_60sec)
2729 ops->pwork_60sec(dev);
2731 /* Force check the TX power emission now. */
2732 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2735 static void b43_periodic_every30sec(struct b43_wldev *dev)
2737 /* Update device statistics. */
2738 b43_calculate_link_quality(dev);
2741 static void b43_periodic_every15sec(struct b43_wldev *dev)
2743 struct b43_phy *phy = &dev->phy;
2746 if (dev->fw.opensource) {
2747 /* Check if the firmware is still alive.
2748 * It will reset the watchdog counter to 0 in its idle loop. */
2749 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2750 if (unlikely(wdr)) {
2751 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2752 b43_controller_restart(dev, "Firmware watchdog");
2755 b43_shm_write16(dev, B43_SHM_SCRATCH,
2756 B43_WATCHDOG_REG, 1);
2760 if (phy->ops->pwork_15sec)
2761 phy->ops->pwork_15sec(dev);
2763 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2767 static void do_periodic_work(struct b43_wldev *dev)
2771 state = dev->periodic_state;
2773 b43_periodic_every60sec(dev);
2775 b43_periodic_every30sec(dev);
2776 b43_periodic_every15sec(dev);
2779 /* Periodic work locking policy:
2780 * The whole periodic work handler is protected by
2781 * wl->mutex. If another lock is needed somewhere in the
2782 * pwork callchain, it's aquired in-place, where it's needed.
2784 static void b43_periodic_work_handler(struct work_struct *work)
2786 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2787 periodic_work.work);
2788 struct b43_wl *wl = dev->wl;
2789 unsigned long delay;
2791 mutex_lock(&wl->mutex);
2793 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2795 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2798 do_periodic_work(dev);
2800 dev->periodic_state++;
2802 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2803 delay = msecs_to_jiffies(50);
2805 delay = round_jiffies_relative(HZ * 15);
2806 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2808 mutex_unlock(&wl->mutex);
2811 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2813 struct delayed_work *work = &dev->periodic_work;
2815 dev->periodic_state = 0;
2816 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2817 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
2820 /* Check if communication with the device works correctly. */
2821 static int b43_validate_chipaccess(struct b43_wldev *dev)
2823 u32 v, backup0, backup4;
2825 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2826 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
2828 /* Check for read/write and endianness problems. */
2829 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2830 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2832 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2833 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2836 /* Check if unaligned 32bit SHM_SHARED access works properly.
2837 * However, don't bail out on failure, because it's noncritical. */
2838 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
2839 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
2840 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
2841 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
2842 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
2843 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
2844 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
2845 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
2846 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
2847 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
2848 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
2849 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
2851 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
2852 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
2854 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2855 /* The 32bit register shadows the two 16bit registers
2856 * with update sideeffects. Validate this. */
2857 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2858 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2859 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2861 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2864 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2866 v = b43_read32(dev, B43_MMIO_MACCTL);
2867 v |= B43_MACCTL_GMODE;
2868 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2873 b43err(dev->wl, "Failed to validate the chipaccess\n");
2877 static void b43_security_init(struct b43_wldev *dev)
2879 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2880 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2881 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2882 /* KTP is a word address, but we address SHM bytewise.
2883 * So multiply by two.
2886 if (dev->dev->id.revision >= 5) {
2887 /* Number of RCMTA address slots */
2888 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2890 b43_clear_keys(dev);
2893 #ifdef CONFIG_B43_HWRNG
2894 static int b43_rng_read(struct hwrng *rng, u32 *data)
2896 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2897 unsigned long flags;
2899 /* Don't take wl->mutex here, as it could deadlock with
2900 * hwrng internal locking. It's not needed to take
2901 * wl->mutex here, anyway. */
2903 spin_lock_irqsave(&wl->irq_lock, flags);
2904 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2905 spin_unlock_irqrestore(&wl->irq_lock, flags);
2907 return (sizeof(u16));
2909 #endif /* CONFIG_B43_HWRNG */
2911 static void b43_rng_exit(struct b43_wl *wl)
2913 #ifdef CONFIG_B43_HWRNG
2914 if (wl->rng_initialized)
2915 hwrng_unregister(&wl->rng);
2916 #endif /* CONFIG_B43_HWRNG */
2919 static int b43_rng_init(struct b43_wl *wl)
2923 #ifdef CONFIG_B43_HWRNG
2924 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2925 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2926 wl->rng.name = wl->rng_name;
2927 wl->rng.data_read = b43_rng_read;
2928 wl->rng.priv = (unsigned long)wl;
2929 wl->rng_initialized = 1;
2930 err = hwrng_register(&wl->rng);
2932 wl->rng_initialized = 0;
2933 b43err(wl, "Failed to register the random "
2934 "number generator (%d)\n", err);
2936 #endif /* CONFIG_B43_HWRNG */
2941 static int b43_op_tx(struct ieee80211_hw *hw,
2942 struct sk_buff *skb)
2944 struct b43_wl *wl = hw_to_b43_wl(hw);
2945 struct b43_wldev *dev = wl->current_dev;
2946 unsigned long flags;
2949 if (unlikely(skb->len < 2 + 2 + 6)) {
2950 /* Too short, this can't be a valid frame. */
2953 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2957 /* Transmissions on seperate queues can run concurrently. */
2958 read_lock_irqsave(&wl->tx_lock, flags);
2961 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2962 if (b43_using_pio_transfers(dev))
2963 err = b43_pio_tx(dev, skb);
2965 err = b43_dma_tx(dev, skb);
2968 read_unlock_irqrestore(&wl->tx_lock, flags);
2972 return NETDEV_TX_OK;
2975 /* We can not transmit this packet. Drop it. */
2976 dev_kfree_skb_any(skb);
2977 return NETDEV_TX_OK;
2980 /* Locking: wl->irq_lock */
2981 static void b43_qos_params_upload(struct b43_wldev *dev,
2982 const struct ieee80211_tx_queue_params *p,
2985 u16 params[B43_NR_QOSPARAMS];
2989 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
2991 memset(¶ms, 0, sizeof(params));
2993 params[B43_QOSPARAM_TXOP] = p->txop * 32;
2994 params[B43_QOSPARAM_CWMIN] = p->cw_min;
2995 params[B43_QOSPARAM_CWMAX] = p->cw_max;
2996 params[B43_QOSPARAM_CWCUR] = p->cw_min;
2997 params[B43_QOSPARAM_AIFS] = p->aifs;
2998 params[B43_QOSPARAM_BSLOTS] = bslots;
2999 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3001 for (i = 0; i < ARRAY_SIZE(params); i++) {
3002 if (i == B43_QOSPARAM_STATUS) {
3003 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3004 shm_offset + (i * 2));
3005 /* Mark the parameters as updated. */
3007 b43_shm_write16(dev, B43_SHM_SHARED,
3008 shm_offset + (i * 2),
3011 b43_shm_write16(dev, B43_SHM_SHARED,
3012 shm_offset + (i * 2),
3018 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3019 static const u16 b43_qos_shm_offsets[] = {
3020 /* [mac80211-queue-nr] = SHM_OFFSET, */
3021 [0] = B43_QOS_VOICE,
3022 [1] = B43_QOS_VIDEO,
3023 [2] = B43_QOS_BESTEFFORT,
3024 [3] = B43_QOS_BACKGROUND,
3027 /* Update all QOS parameters in hardware. */
3028 static void b43_qos_upload_all(struct b43_wldev *dev)
3030 struct b43_wl *wl = dev->wl;
3031 struct b43_qos_params *params;
3034 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3035 ARRAY_SIZE(wl->qos_params));
3037 b43_mac_suspend(dev);
3038 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3039 params = &(wl->qos_params[i]);
3040 b43_qos_params_upload(dev, &(params->p),
3041 b43_qos_shm_offsets[i]);
3043 b43_mac_enable(dev);
3046 static void b43_qos_clear(struct b43_wl *wl)
3048 struct b43_qos_params *params;
3051 /* Initialize QoS parameters to sane defaults. */
3053 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3054 ARRAY_SIZE(wl->qos_params));
3056 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3057 params = &(wl->qos_params[i]);
3059 switch (b43_qos_shm_offsets[i]) {
3063 params->p.cw_min = 0x0001;
3064 params->p.cw_max = 0x0001;
3069 params->p.cw_min = 0x0001;
3070 params->p.cw_max = 0x0001;
3072 case B43_QOS_BESTEFFORT:
3075 params->p.cw_min = 0x0001;
3076 params->p.cw_max = 0x03FF;
3078 case B43_QOS_BACKGROUND:
3081 params->p.cw_min = 0x0001;
3082 params->p.cw_max = 0x03FF;
3090 /* Initialize the core's QOS capabilities */
3091 static void b43_qos_init(struct b43_wldev *dev)
3093 /* Upload the current QOS parameters. */
3094 b43_qos_upload_all(dev);
3096 /* Enable QOS support. */
3097 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3098 b43_write16(dev, B43_MMIO_IFSCTL,
3099 b43_read16(dev, B43_MMIO_IFSCTL)
3100 | B43_MMIO_IFSCTL_USE_EDCF);
3103 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3104 const struct ieee80211_tx_queue_params *params)
3106 struct b43_wl *wl = hw_to_b43_wl(hw);
3107 struct b43_wldev *dev;
3108 unsigned int queue = (unsigned int)_queue;
3111 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3112 /* Queue not available or don't support setting
3113 * params on this queue. Return success to not
3114 * confuse mac80211. */
3117 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3118 ARRAY_SIZE(wl->qos_params));
3120 mutex_lock(&wl->mutex);
3121 dev = wl->current_dev;
3122 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3125 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3126 b43_mac_suspend(dev);
3127 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3128 b43_qos_shm_offsets[queue]);
3129 b43_mac_enable(dev);
3133 mutex_unlock(&wl->mutex);
3138 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3139 struct ieee80211_tx_queue_stats *stats)
3141 struct b43_wl *wl = hw_to_b43_wl(hw);
3142 struct b43_wldev *dev = wl->current_dev;
3143 unsigned long flags;
3148 spin_lock_irqsave(&wl->irq_lock, flags);
3149 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3150 if (b43_using_pio_transfers(dev))
3151 b43_pio_get_tx_stats(dev, stats);
3153 b43_dma_get_tx_stats(dev, stats);
3156 spin_unlock_irqrestore(&wl->irq_lock, flags);
3161 static int b43_op_get_stats(struct ieee80211_hw *hw,
3162 struct ieee80211_low_level_stats *stats)
3164 struct b43_wl *wl = hw_to_b43_wl(hw);
3165 unsigned long flags;
3167 spin_lock_irqsave(&wl->irq_lock, flags);
3168 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3169 spin_unlock_irqrestore(&wl->irq_lock, flags);
3174 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3176 struct b43_wl *wl = hw_to_b43_wl(hw);
3177 struct b43_wldev *dev;
3180 mutex_lock(&wl->mutex);
3181 spin_lock_irq(&wl->irq_lock);
3182 dev = wl->current_dev;
3184 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3185 b43_tsf_read(dev, &tsf);
3189 spin_unlock_irq(&wl->irq_lock);
3190 mutex_unlock(&wl->mutex);
3195 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3197 struct b43_wl *wl = hw_to_b43_wl(hw);
3198 struct b43_wldev *dev;
3200 mutex_lock(&wl->mutex);
3201 spin_lock_irq(&wl->irq_lock);
3202 dev = wl->current_dev;
3204 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3205 b43_tsf_write(dev, tsf);
3207 spin_unlock_irq(&wl->irq_lock);
3208 mutex_unlock(&wl->mutex);
3211 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3213 struct ssb_device *sdev = dev->dev;
3216 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3217 tmslow &= ~B43_TMSLOW_GMODE;
3218 tmslow |= B43_TMSLOW_PHYRESET;
3219 tmslow |= SSB_TMSLOW_FGC;
3220 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3223 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3224 tmslow &= ~SSB_TMSLOW_FGC;
3225 tmslow |= B43_TMSLOW_PHYRESET;
3226 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3230 static const char *band_to_string(enum ieee80211_band band)
3233 case IEEE80211_BAND_5GHZ:
3235 case IEEE80211_BAND_2GHZ:
3244 /* Expects wl->mutex locked */
3245 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3247 struct b43_wldev *up_dev = NULL;
3248 struct b43_wldev *down_dev;
3249 struct b43_wldev *d;
3251 bool uninitialized_var(gmode);
3254 /* Find a device and PHY which supports the band. */
3255 list_for_each_entry(d, &wl->devlist, list) {
3256 switch (chan->band) {
3257 case IEEE80211_BAND_5GHZ:
3258 if (d->phy.supports_5ghz) {
3263 case IEEE80211_BAND_2GHZ:
3264 if (d->phy.supports_2ghz) {
3277 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3278 band_to_string(chan->band));
3281 if ((up_dev == wl->current_dev) &&
3282 (!!wl->current_dev->phy.gmode == !!gmode)) {
3283 /* This device is already running. */
3286 b43dbg(wl, "Switching to %s-GHz band\n",
3287 band_to_string(chan->band));
3288 down_dev = wl->current_dev;
3290 prev_status = b43_status(down_dev);
3291 /* Shutdown the currently running core. */
3292 if (prev_status >= B43_STAT_STARTED)
3293 b43_wireless_core_stop(down_dev);
3294 if (prev_status >= B43_STAT_INITIALIZED)
3295 b43_wireless_core_exit(down_dev);
3297 if (down_dev != up_dev) {
3298 /* We switch to a different core, so we put PHY into
3299 * RESET on the old core. */
3300 b43_put_phy_into_reset(down_dev);
3303 /* Now start the new core. */
3304 up_dev->phy.gmode = gmode;
3305 if (prev_status >= B43_STAT_INITIALIZED) {
3306 err = b43_wireless_core_init(up_dev);
3308 b43err(wl, "Fatal: Could not initialize device for "
3309 "selected %s-GHz band\n",
3310 band_to_string(chan->band));
3314 if (prev_status >= B43_STAT_STARTED) {
3315 err = b43_wireless_core_start(up_dev);
3317 b43err(wl, "Fatal: Coult not start device for "
3318 "selected %s-GHz band\n",
3319 band_to_string(chan->band));
3320 b43_wireless_core_exit(up_dev);
3324 B43_WARN_ON(b43_status(up_dev) != prev_status);
3326 wl->current_dev = up_dev;
3330 /* Whoops, failed to init the new core. No core is operating now. */
3331 wl->current_dev = NULL;
3335 /* Write the short and long frame retry limit values. */
3336 static void b43_set_retry_limits(struct b43_wldev *dev,
3337 unsigned int short_retry,
3338 unsigned int long_retry)
3340 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3341 * the chip-internal counter. */
3342 short_retry = min(short_retry, (unsigned int)0xF);
3343 long_retry = min(long_retry, (unsigned int)0xF);
3345 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3347 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3351 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3353 struct b43_wl *wl = hw_to_b43_wl(hw);
3354 struct b43_wldev *dev;
3355 struct b43_phy *phy;
3356 struct ieee80211_conf *conf = &hw->conf;
3357 unsigned long flags;
3361 mutex_lock(&wl->mutex);
3363 /* Switch the band (if necessary). This might change the active core. */
3364 err = b43_switch_band(wl, conf->channel);
3366 goto out_unlock_mutex;
3367 dev = wl->current_dev;
3370 b43_mac_suspend(dev);
3372 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3373 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3374 conf->long_frame_max_tx_count);
3375 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3377 goto out_mac_enable;
3379 /* Switch to the requested channel.
3380 * The firmware takes care of races with the TX handler. */
3381 if (conf->channel->hw_value != phy->channel)
3382 b43_switch_channel(dev, conf->channel->hw_value);
3384 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3386 /* Adjust the desired TX power level. */
3387 if (conf->power_level != 0) {
3388 spin_lock_irqsave(&wl->irq_lock, flags);
3389 if (conf->power_level != phy->desired_txpower) {
3390 phy->desired_txpower = conf->power_level;
3391 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3392 B43_TXPWR_IGNORE_TSSI);
3394 spin_unlock_irqrestore(&wl->irq_lock, flags);
3397 /* Antennas for RX and management frame TX. */
3398 antenna = B43_ANTENNA_DEFAULT;
3399 b43_mgmtframe_txantenna(dev, antenna);
3400 antenna = B43_ANTENNA_DEFAULT;
3401 if (phy->ops->set_rx_antenna)
3402 phy->ops->set_rx_antenna(dev, antenna);
3404 if (wl->radio_enabled != phy->radio_on) {
3405 if (wl->radio_enabled) {
3406 b43_software_rfkill(dev, false);
3407 b43info(dev->wl, "Radio turned on by software\n");
3408 if (!dev->radio_hw_enable) {
3409 b43info(dev->wl, "The hardware RF-kill button "
3410 "still turns the radio physically off. "
3411 "Press the button to turn it on.\n");
3414 b43_software_rfkill(dev, true);
3415 b43info(dev->wl, "Radio turned off by software\n");
3420 b43_mac_enable(dev);
3422 mutex_unlock(&wl->mutex);
3427 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3429 struct ieee80211_supported_band *sband =
3430 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3431 struct ieee80211_rate *rate;
3433 u16 basic, direct, offset, basic_offset, rateptr;
3435 for (i = 0; i < sband->n_bitrates; i++) {
3436 rate = &sband->bitrates[i];
3438 if (b43_is_cck_rate(rate->hw_value)) {
3439 direct = B43_SHM_SH_CCKDIRECT;
3440 basic = B43_SHM_SH_CCKBASIC;
3441 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3444 direct = B43_SHM_SH_OFDMDIRECT;
3445 basic = B43_SHM_SH_OFDMBASIC;
3446 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3450 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3452 if (b43_is_cck_rate(rate->hw_value)) {
3453 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3454 basic_offset &= 0xF;
3456 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3457 basic_offset &= 0xF;
3461 * Get the pointer that we need to point to
3462 * from the direct map
3464 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3465 direct + 2 * basic_offset);
3466 /* and write it to the basic map */
3467 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3472 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3473 struct ieee80211_vif *vif,
3474 struct ieee80211_bss_conf *conf,
3477 struct b43_wl *wl = hw_to_b43_wl(hw);
3478 struct b43_wldev *dev;
3479 unsigned long flags;
3481 mutex_lock(&wl->mutex);
3483 dev = wl->current_dev;
3484 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3485 goto out_unlock_mutex;
3487 B43_WARN_ON(wl->vif != vif);
3489 spin_lock_irqsave(&wl->irq_lock, flags);
3490 if (changed & BSS_CHANGED_BSSID) {
3492 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3494 memset(wl->bssid, 0, ETH_ALEN);
3497 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3498 if (changed & BSS_CHANGED_BEACON &&
3499 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3500 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3501 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3502 b43_update_templates(wl);
3504 if (changed & BSS_CHANGED_BSSID)
3505 b43_write_mac_bssid_templates(dev);
3507 spin_unlock_irqrestore(&wl->irq_lock, flags);
3509 b43_mac_suspend(dev);
3511 /* Update templates for AP/mesh mode. */
3512 if (changed & BSS_CHANGED_BEACON_INT &&
3513 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3514 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3515 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3516 b43_set_beacon_int(dev, conf->beacon_int);
3518 if (changed & BSS_CHANGED_BASIC_RATES)
3519 b43_update_basic_rates(dev, conf->basic_rates);
3521 if (changed & BSS_CHANGED_ERP_SLOT) {
3522 if (conf->use_short_slot)
3523 b43_short_slot_timing_enable(dev);
3525 b43_short_slot_timing_disable(dev);
3528 b43_mac_enable(dev);
3530 mutex_unlock(&wl->mutex);
3533 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3534 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3535 struct ieee80211_key_conf *key)
3537 struct b43_wl *wl = hw_to_b43_wl(hw);
3538 struct b43_wldev *dev;
3542 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3544 if (modparam_nohwcrypt)
3545 return -ENOSPC; /* User disabled HW-crypto */
3547 mutex_lock(&wl->mutex);
3548 spin_lock_irq(&wl->irq_lock);
3549 write_lock(&wl->tx_lock);
3550 /* Why do we need all this locking here?
3551 * mutex -> Every config operation must take it.
3552 * irq_lock -> We modify the dev->key array, which is accessed
3553 * in the IRQ handlers.
3554 * tx_lock -> We modify the dev->key array, which is accessed
3555 * in the TX handler.
3558 dev = wl->current_dev;
3560 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3563 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3564 /* We don't have firmware for the crypto engine.
3565 * Must use software-crypto. */
3573 if (key->keylen == WLAN_KEY_LEN_WEP40)
3574 algorithm = B43_SEC_ALGO_WEP40;
3576 algorithm = B43_SEC_ALGO_WEP104;
3579 algorithm = B43_SEC_ALGO_TKIP;
3582 algorithm = B43_SEC_ALGO_AES;
3588 index = (u8) (key->keyidx);
3594 if (algorithm == B43_SEC_ALGO_TKIP) {
3595 /* FIXME: No TKIP hardware encryption for now. */
3600 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3601 if (WARN_ON(!sta)) {
3605 /* Pairwise key with an assigned MAC address. */
3606 err = b43_key_write(dev, -1, algorithm,
3607 key->key, key->keylen,
3611 err = b43_key_write(dev, index, algorithm,
3612 key->key, key->keylen, NULL, key);
3617 if (algorithm == B43_SEC_ALGO_WEP40 ||
3618 algorithm == B43_SEC_ALGO_WEP104) {
3619 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3622 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3624 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3627 err = b43_key_clear(dev, key->hw_key_idx);
3638 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3640 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3641 sta ? sta->addr : bcast_addr);
3642 b43_dump_keymemory(dev);
3644 write_unlock(&wl->tx_lock);
3645 spin_unlock_irq(&wl->irq_lock);
3646 mutex_unlock(&wl->mutex);
3651 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3652 unsigned int changed, unsigned int *fflags,
3653 int mc_count, struct dev_addr_list *mc_list)
3655 struct b43_wl *wl = hw_to_b43_wl(hw);
3656 struct b43_wldev *dev = wl->current_dev;
3657 unsigned long flags;
3664 spin_lock_irqsave(&wl->irq_lock, flags);
3665 *fflags &= FIF_PROMISC_IN_BSS |
3671 FIF_BCN_PRBRESP_PROMISC;
3673 changed &= FIF_PROMISC_IN_BSS |
3679 FIF_BCN_PRBRESP_PROMISC;
3681 wl->filter_flags = *fflags;
3683 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3684 b43_adjust_opmode(dev);
3685 spin_unlock_irqrestore(&wl->irq_lock, flags);
3688 /* Locking: wl->mutex */
3689 static void b43_wireless_core_stop(struct b43_wldev *dev)
3691 struct b43_wl *wl = dev->wl;
3692 unsigned long flags;
3694 if (b43_status(dev) < B43_STAT_STARTED)
3697 /* Disable and sync interrupts. We must do this before than
3698 * setting the status to INITIALIZED, as the interrupt handler
3699 * won't care about IRQs then. */
3700 spin_lock_irqsave(&wl->irq_lock, flags);
3701 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3702 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3703 spin_unlock_irqrestore(&wl->irq_lock, flags);
3704 b43_synchronize_irq(dev);
3706 write_lock_irqsave(&wl->tx_lock, flags);
3707 b43_set_status(dev, B43_STAT_INITIALIZED);
3708 write_unlock_irqrestore(&wl->tx_lock, flags);
3711 mutex_unlock(&wl->mutex);
3712 /* Must unlock as it would otherwise deadlock. No races here.
3713 * Cancel the possibly running self-rearming periodic work. */
3714 cancel_delayed_work_sync(&dev->periodic_work);
3715 mutex_lock(&wl->mutex);
3717 b43_mac_suspend(dev);
3718 free_irq(dev->dev->irq, dev);
3719 b43dbg(wl, "Wireless interface stopped\n");
3722 /* Locking: wl->mutex */
3723 static int b43_wireless_core_start(struct b43_wldev *dev)
3727 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3729 drain_txstatus_queue(dev);
3730 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3731 IRQF_SHARED, KBUILD_MODNAME, dev);
3733 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3737 /* We are ready to run. */
3738 b43_set_status(dev, B43_STAT_STARTED);
3740 /* Start data flow (TX/RX). */
3741 b43_mac_enable(dev);
3742 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3744 /* Start maintainance work */
3745 b43_periodic_tasks_setup(dev);
3747 b43dbg(dev->wl, "Wireless interface started\n");
3752 /* Get PHY and RADIO versioning numbers */
3753 static int b43_phy_versioning(struct b43_wldev *dev)
3755 struct b43_phy *phy = &dev->phy;
3763 int unsupported = 0;
3765 /* Get PHY versioning */
3766 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3767 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3768 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3769 phy_rev = (tmp & B43_PHYVER_VERSION);
3776 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3784 #ifdef CONFIG_B43_NPHY
3790 #ifdef CONFIG_B43_PHY_LP
3791 case B43_PHYTYPE_LP:
3800 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3801 "(Analog %u, Type %u, Revision %u)\n",
3802 analog_type, phy_type, phy_rev);
3805 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3806 analog_type, phy_type, phy_rev);
3808 /* Get RADIO versioning */
3809 if (dev->dev->bus->chip_id == 0x4317) {
3810 if (dev->dev->bus->chip_rev == 0)
3812 else if (dev->dev->bus->chip_rev == 1)
3817 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3818 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3819 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3820 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3822 radio_manuf = (tmp & 0x00000FFF);
3823 radio_ver = (tmp & 0x0FFFF000) >> 12;
3824 radio_rev = (tmp & 0xF0000000) >> 28;
3825 if (radio_manuf != 0x17F /* Broadcom */)
3829 if (radio_ver != 0x2060)
3833 if (radio_manuf != 0x17F)
3837 if ((radio_ver & 0xFFF0) != 0x2050)
3841 if (radio_ver != 0x2050)
3845 if (radio_ver != 0x2055 && radio_ver != 0x2056)
3848 case B43_PHYTYPE_LP:
3849 if (radio_ver != 0x2062)
3856 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3857 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3858 radio_manuf, radio_ver, radio_rev);
3861 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3862 radio_manuf, radio_ver, radio_rev);
3864 phy->radio_manuf = radio_manuf;
3865 phy->radio_ver = radio_ver;
3866 phy->radio_rev = radio_rev;
3868 phy->analog = analog_type;
3869 phy->type = phy_type;
3875 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3876 struct b43_phy *phy)
3878 phy->hardware_power_control = !!modparam_hwpctl;
3879 phy->next_txpwr_check_time = jiffies;
3880 /* PHY TX errors counter. */
3881 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3884 phy->phy_locked = 0;
3885 phy->radio_locked = 0;
3889 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3893 /* Assume the radio is enabled. If it's not enabled, the state will
3894 * immediately get fixed on the first periodic work run. */
3895 dev->radio_hw_enable = 1;
3898 memset(&dev->stats, 0, sizeof(dev->stats));
3900 setup_struct_phy_for_init(dev, &dev->phy);
3902 /* IRQ related flags */
3903 dev->irq_reason = 0;
3904 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3905 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
3906 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
3907 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
3909 dev->mac_suspended = 1;
3911 /* Noise calculation context */
3912 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3915 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3917 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3920 if (!modparam_btcoex)
3922 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3924 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3927 hf = b43_hf_read(dev);
3928 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3929 hf |= B43_HF_BTCOEXALT;
3931 hf |= B43_HF_BTCOEX;
3932 b43_hf_write(dev, hf);
3935 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3937 if (!modparam_btcoex)
3942 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3944 #ifdef CONFIG_SSB_DRIVER_PCICORE
3945 struct ssb_bus *bus = dev->dev->bus;
3948 if (bus->pcicore.dev &&
3949 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3950 bus->pcicore.dev->id.revision <= 5) {
3951 /* IMCFGLO timeouts workaround. */
3952 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3953 tmp &= ~SSB_IMCFGLO_REQTO;
3954 tmp &= ~SSB_IMCFGLO_SERTO;
3955 switch (bus->bustype) {
3956 case SSB_BUSTYPE_PCI:
3957 case SSB_BUSTYPE_PCMCIA:
3960 case SSB_BUSTYPE_SSB:
3964 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3966 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3969 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3973 /* The time value is in microseconds. */
3974 if (dev->phy.type == B43_PHYTYPE_A)
3978 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
3980 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3981 pu_delay = max(pu_delay, (u16)2400);
3983 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3986 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3987 static void b43_set_pretbtt(struct b43_wldev *dev)
3991 /* The time value is in microseconds. */
3992 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
3995 if (dev->phy.type == B43_PHYTYPE_A)
4000 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4001 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4004 /* Shutdown a wireless core */
4005 /* Locking: wl->mutex */
4006 static void b43_wireless_core_exit(struct b43_wldev *dev)
4010 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4011 if (b43_status(dev) != B43_STAT_INITIALIZED)
4013 b43_set_status(dev, B43_STAT_UNINIT);
4015 /* Stop the microcode PSM. */
4016 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4017 macctl &= ~B43_MACCTL_PSM_RUN;
4018 macctl |= B43_MACCTL_PSM_JMP0;
4019 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4021 if (!dev->suspend_in_progress) {
4023 b43_rng_exit(dev->wl);
4028 dev->phy.ops->switch_analog(dev, 0);
4029 if (dev->wl->current_beacon) {
4030 dev_kfree_skb_any(dev->wl->current_beacon);
4031 dev->wl->current_beacon = NULL;
4034 ssb_device_disable(dev->dev, 0);
4035 ssb_bus_may_powerdown(dev->dev->bus);
4038 /* Initialize a wireless core */
4039 static int b43_wireless_core_init(struct b43_wldev *dev)
4041 struct b43_wl *wl = dev->wl;
4042 struct ssb_bus *bus = dev->dev->bus;
4043 struct ssb_sprom *sprom = &bus->sprom;
4044 struct b43_phy *phy = &dev->phy;
4049 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4051 err = ssb_bus_powerup(bus, 0);
4054 if (!ssb_device_is_enabled(dev->dev)) {
4055 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4056 b43_wireless_core_reset(dev, tmp);
4059 /* Reset all data structures. */
4060 setup_struct_wldev_for_init(dev);
4061 phy->ops->prepare_structs(dev);
4063 /* Enable IRQ routing to this device. */
4064 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4066 b43_imcfglo_timeouts_workaround(dev);
4067 b43_bluetooth_coext_disable(dev);
4068 if (phy->ops->prepare_hardware) {
4069 err = phy->ops->prepare_hardware(dev);
4073 err = b43_chip_init(dev);
4076 b43_shm_write16(dev, B43_SHM_SHARED,
4077 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4078 hf = b43_hf_read(dev);
4079 if (phy->type == B43_PHYTYPE_G) {
4083 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4084 hf |= B43_HF_OFDMPABOOST;
4086 if (phy->radio_ver == 0x2050) {
4087 if (phy->radio_rev == 6)
4088 hf |= B43_HF_4318TSSI;
4089 if (phy->radio_rev < 6)
4090 hf |= B43_HF_VCORECALC;
4092 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4093 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4094 #ifdef CONFIG_SSB_DRIVER_PCICORE
4095 if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4096 (bus->pcicore.dev->id.revision <= 10))
4097 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4099 hf &= ~B43_HF_SKCFPUP;
4100 b43_hf_write(dev, hf);
4102 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4103 B43_DEFAULT_LONG_RETRY_LIMIT);
4104 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4105 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4107 /* Disable sending probe responses from firmware.
4108 * Setting the MaxTime to one usec will always trigger
4109 * a timeout, so we never send any probe resp.
4110 * A timeout of zero is infinite. */
4111 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4113 b43_rate_memory_init(dev);
4114 b43_set_phytxctl_defaults(dev);
4116 /* Minimum Contention Window */
4117 if (phy->type == B43_PHYTYPE_B) {
4118 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4120 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4122 /* Maximum Contention Window */
4123 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4125 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4126 dev->__using_pio_transfers = 1;
4127 err = b43_pio_init(dev);
4129 dev->__using_pio_transfers = 0;
4130 err = b43_dma_init(dev);
4135 b43_set_synth_pu_delay(dev, 1);
4136 b43_bluetooth_coext_enable(dev);
4138 ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4139 b43_upload_card_macaddress(dev);
4140 b43_security_init(dev);
4141 if (!dev->suspend_in_progress)
4144 b43_set_status(dev, B43_STAT_INITIALIZED);
4146 if (!dev->suspend_in_progress)
4154 ssb_bus_may_powerdown(bus);
4155 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4159 static int b43_op_add_interface(struct ieee80211_hw *hw,
4160 struct ieee80211_if_init_conf *conf)
4162 struct b43_wl *wl = hw_to_b43_wl(hw);
4163 struct b43_wldev *dev;
4164 unsigned long flags;
4165 int err = -EOPNOTSUPP;
4167 /* TODO: allow WDS/AP devices to coexist */
4169 if (conf->type != NL80211_IFTYPE_AP &&
4170 conf->type != NL80211_IFTYPE_MESH_POINT &&
4171 conf->type != NL80211_IFTYPE_STATION &&
4172 conf->type != NL80211_IFTYPE_WDS &&
4173 conf->type != NL80211_IFTYPE_ADHOC)
4176 mutex_lock(&wl->mutex);
4178 goto out_mutex_unlock;
4180 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4182 dev = wl->current_dev;
4184 wl->vif = conf->vif;
4185 wl->if_type = conf->type;
4186 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4188 spin_lock_irqsave(&wl->irq_lock, flags);
4189 b43_adjust_opmode(dev);
4190 b43_set_pretbtt(dev);
4191 b43_set_synth_pu_delay(dev, 0);
4192 b43_upload_card_macaddress(dev);
4193 spin_unlock_irqrestore(&wl->irq_lock, flags);
4197 mutex_unlock(&wl->mutex);
4202 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4203 struct ieee80211_if_init_conf *conf)
4205 struct b43_wl *wl = hw_to_b43_wl(hw);
4206 struct b43_wldev *dev = wl->current_dev;
4207 unsigned long flags;
4209 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4211 mutex_lock(&wl->mutex);
4213 B43_WARN_ON(!wl->operating);
4214 B43_WARN_ON(wl->vif != conf->vif);
4219 spin_lock_irqsave(&wl->irq_lock, flags);
4220 b43_adjust_opmode(dev);
4221 memset(wl->mac_addr, 0, ETH_ALEN);
4222 b43_upload_card_macaddress(dev);
4223 spin_unlock_irqrestore(&wl->irq_lock, flags);
4225 mutex_unlock(&wl->mutex);
4228 static int b43_op_start(struct ieee80211_hw *hw)
4230 struct b43_wl *wl = hw_to_b43_wl(hw);
4231 struct b43_wldev *dev = wl->current_dev;
4235 /* Kill all old instance specific information to make sure
4236 * the card won't use it in the short timeframe between start
4237 * and mac80211 reconfiguring it. */
4238 memset(wl->bssid, 0, ETH_ALEN);
4239 memset(wl->mac_addr, 0, ETH_ALEN);
4240 wl->filter_flags = 0;
4241 wl->radiotap_enabled = 0;
4243 wl->beacon0_uploaded = 0;
4244 wl->beacon1_uploaded = 0;
4245 wl->beacon_templates_virgin = 1;
4246 wl->radio_enabled = 1;
4248 mutex_lock(&wl->mutex);
4250 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4251 err = b43_wireless_core_init(dev);
4253 goto out_mutex_unlock;
4257 if (b43_status(dev) < B43_STAT_STARTED) {
4258 err = b43_wireless_core_start(dev);
4261 b43_wireless_core_exit(dev);
4262 goto out_mutex_unlock;
4266 /* XXX: only do if device doesn't support rfkill irq */
4267 wiphy_rfkill_start_polling(hw->wiphy);
4270 mutex_unlock(&wl->mutex);
4275 static void b43_op_stop(struct ieee80211_hw *hw)
4277 struct b43_wl *wl = hw_to_b43_wl(hw);
4278 struct b43_wldev *dev = wl->current_dev;
4280 cancel_work_sync(&(wl->beacon_update_trigger));
4282 mutex_lock(&wl->mutex);
4283 if (b43_status(dev) >= B43_STAT_STARTED)
4284 b43_wireless_core_stop(dev);
4285 b43_wireless_core_exit(dev);
4286 wl->radio_enabled = 0;
4287 mutex_unlock(&wl->mutex);
4289 cancel_work_sync(&(wl->txpower_adjust_work));
4292 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4293 struct ieee80211_sta *sta, bool set)
4295 struct b43_wl *wl = hw_to_b43_wl(hw);
4296 unsigned long flags;
4298 spin_lock_irqsave(&wl->irq_lock, flags);
4299 b43_update_templates(wl);
4300 spin_unlock_irqrestore(&wl->irq_lock, flags);
4305 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4306 struct ieee80211_vif *vif,
4307 enum sta_notify_cmd notify_cmd,
4308 struct ieee80211_sta *sta)
4310 struct b43_wl *wl = hw_to_b43_wl(hw);
4312 B43_WARN_ON(!vif || wl->vif != vif);
4315 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4317 struct b43_wl *wl = hw_to_b43_wl(hw);
4318 struct b43_wldev *dev;
4320 mutex_lock(&wl->mutex);
4321 dev = wl->current_dev;
4322 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4323 /* Disable CFP update during scan on other channels. */
4324 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4326 mutex_unlock(&wl->mutex);
4329 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4331 struct b43_wl *wl = hw_to_b43_wl(hw);
4332 struct b43_wldev *dev;
4334 mutex_lock(&wl->mutex);
4335 dev = wl->current_dev;
4336 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4337 /* Re-enable CFP update. */
4338 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4340 mutex_unlock(&wl->mutex);
4343 static const struct ieee80211_ops b43_hw_ops = {
4345 .conf_tx = b43_op_conf_tx,
4346 .add_interface = b43_op_add_interface,
4347 .remove_interface = b43_op_remove_interface,
4348 .config = b43_op_config,
4349 .bss_info_changed = b43_op_bss_info_changed,
4350 .configure_filter = b43_op_configure_filter,
4351 .set_key = b43_op_set_key,
4352 .get_stats = b43_op_get_stats,
4353 .get_tx_stats = b43_op_get_tx_stats,
4354 .get_tsf = b43_op_get_tsf,
4355 .set_tsf = b43_op_set_tsf,
4356 .start = b43_op_start,
4357 .stop = b43_op_stop,
4358 .set_tim = b43_op_beacon_set_tim,
4359 .sta_notify = b43_op_sta_notify,
4360 .sw_scan_start = b43_op_sw_scan_start_notifier,
4361 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4362 .rfkill_poll = b43_rfkill_poll,
4365 /* Hard-reset the chip. Do not call this directly.
4366 * Use b43_controller_restart()
4368 static void b43_chip_reset(struct work_struct *work)
4370 struct b43_wldev *dev =
4371 container_of(work, struct b43_wldev, restart_work);
4372 struct b43_wl *wl = dev->wl;
4376 mutex_lock(&wl->mutex);
4378 prev_status = b43_status(dev);
4379 /* Bring the device down... */
4380 if (prev_status >= B43_STAT_STARTED)
4381 b43_wireless_core_stop(dev);
4382 if (prev_status >= B43_STAT_INITIALIZED)
4383 b43_wireless_core_exit(dev);
4385 /* ...and up again. */
4386 if (prev_status >= B43_STAT_INITIALIZED) {
4387 err = b43_wireless_core_init(dev);
4391 if (prev_status >= B43_STAT_STARTED) {
4392 err = b43_wireless_core_start(dev);
4394 b43_wireless_core_exit(dev);
4400 wl->current_dev = NULL; /* Failed to init the dev. */
4401 mutex_unlock(&wl->mutex);
4403 b43err(wl, "Controller restart FAILED\n");
4405 b43info(wl, "Controller restarted\n");
4408 static int b43_setup_bands(struct b43_wldev *dev,
4409 bool have_2ghz_phy, bool have_5ghz_phy)
4411 struct ieee80211_hw *hw = dev->wl->hw;
4414 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4415 if (dev->phy.type == B43_PHYTYPE_N) {
4417 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4420 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4423 dev->phy.supports_2ghz = have_2ghz_phy;
4424 dev->phy.supports_5ghz = have_5ghz_phy;
4429 static void b43_wireless_core_detach(struct b43_wldev *dev)
4431 /* We release firmware that late to not be required to re-request
4432 * is all the time when we reinit the core. */
4433 b43_release_firmware(dev);
4437 static int b43_wireless_core_attach(struct b43_wldev *dev)
4439 struct b43_wl *wl = dev->wl;
4440 struct ssb_bus *bus = dev->dev->bus;
4441 struct pci_dev *pdev = bus->host_pci;
4443 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4446 /* Do NOT do any device initialization here.
4447 * Do it in wireless_core_init() instead.
4448 * This function is for gathering basic information about the HW, only.
4449 * Also some structs may be set up here. But most likely you want to have
4450 * that in core_init(), too.
4453 err = ssb_bus_powerup(bus, 0);
4455 b43err(wl, "Bus powerup failed\n");
4458 /* Get the PHY type. */
4459 if (dev->dev->id.revision >= 5) {
4462 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4463 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4464 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4468 dev->phy.gmode = have_2ghz_phy;
4469 dev->phy.radio_on = 1;
4470 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4471 b43_wireless_core_reset(dev, tmp);
4473 err = b43_phy_versioning(dev);
4476 /* Check if this device supports multiband. */
4478 (pdev->device != 0x4312 &&
4479 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4480 /* No multiband support. */
4483 switch (dev->phy.type) {
4489 case B43_PHYTYPE_LP:
4496 if (dev->phy.type == B43_PHYTYPE_A) {
4498 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4502 if (1 /* disable A-PHY */) {
4503 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4504 if (dev->phy.type != B43_PHYTYPE_N) {
4510 err = b43_phy_allocate(dev);
4514 dev->phy.gmode = have_2ghz_phy;
4515 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4516 b43_wireless_core_reset(dev, tmp);
4518 err = b43_validate_chipaccess(dev);
4521 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4525 /* Now set some default "current_dev" */
4526 if (!wl->current_dev)
4527 wl->current_dev = dev;
4528 INIT_WORK(&dev->restart_work, b43_chip_reset);
4530 dev->phy.ops->switch_analog(dev, 0);
4531 ssb_device_disable(dev->dev, 0);
4532 ssb_bus_may_powerdown(bus);
4540 ssb_bus_may_powerdown(bus);
4544 static void b43_one_core_detach(struct ssb_device *dev)
4546 struct b43_wldev *wldev;
4549 /* Do not cancel ieee80211-workqueue based work here.
4550 * See comment in b43_remove(). */
4552 wldev = ssb_get_drvdata(dev);
4554 b43_debugfs_remove_device(wldev);
4555 b43_wireless_core_detach(wldev);
4556 list_del(&wldev->list);
4558 ssb_set_drvdata(dev, NULL);
4562 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4564 struct b43_wldev *wldev;
4565 struct pci_dev *pdev;
4568 if (!list_empty(&wl->devlist)) {
4569 /* We are not the first core on this chip. */
4570 pdev = dev->bus->host_pci;
4571 /* Only special chips support more than one wireless
4572 * core, although some of the other chips have more than
4573 * one wireless core as well. Check for this and
4577 ((pdev->device != 0x4321) &&
4578 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4579 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4584 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4590 b43_set_status(wldev, B43_STAT_UNINIT);
4591 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4592 tasklet_init(&wldev->isr_tasklet,
4593 (void (*)(unsigned long))b43_interrupt_tasklet,
4594 (unsigned long)wldev);
4595 INIT_LIST_HEAD(&wldev->list);
4597 err = b43_wireless_core_attach(wldev);
4599 goto err_kfree_wldev;
4601 list_add(&wldev->list, &wl->devlist);
4603 ssb_set_drvdata(dev, wldev);
4604 b43_debugfs_add_device(wldev);
4614 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4615 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4616 (pdev->device == _device) && \
4617 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4618 (pdev->subsystem_device == _subdevice) )
4620 static void b43_sprom_fixup(struct ssb_bus *bus)
4622 struct pci_dev *pdev;
4624 /* boardflags workarounds */
4625 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4626 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4627 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4628 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4629 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4630 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4631 if (bus->bustype == SSB_BUSTYPE_PCI) {
4632 pdev = bus->host_pci;
4633 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4634 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4635 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4636 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4637 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4638 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4639 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4640 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4644 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4646 struct ieee80211_hw *hw = wl->hw;
4648 ssb_set_devtypedata(dev, NULL);
4649 ieee80211_free_hw(hw);
4652 static int b43_wireless_init(struct ssb_device *dev)
4654 struct ssb_sprom *sprom = &dev->bus->sprom;
4655 struct ieee80211_hw *hw;
4659 b43_sprom_fixup(dev->bus);
4661 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4663 b43err(NULL, "Could not allocate ieee80211 device\n");
4666 wl = hw_to_b43_wl(hw);
4669 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4670 IEEE80211_HW_SIGNAL_DBM |
4671 IEEE80211_HW_NOISE_DBM;
4673 hw->wiphy->interface_modes =
4674 BIT(NL80211_IFTYPE_AP) |
4675 BIT(NL80211_IFTYPE_MESH_POINT) |
4676 BIT(NL80211_IFTYPE_STATION) |
4677 BIT(NL80211_IFTYPE_WDS) |
4678 BIT(NL80211_IFTYPE_ADHOC);
4680 hw->queues = modparam_qos ? 4 : 1;
4681 wl->mac80211_initially_registered_queues = hw->queues;
4683 SET_IEEE80211_DEV(hw, dev->dev);
4684 if (is_valid_ether_addr(sprom->et1mac))
4685 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4687 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4689 /* Initialize struct b43_wl */
4691 spin_lock_init(&wl->irq_lock);
4692 rwlock_init(&wl->tx_lock);
4693 spin_lock_init(&wl->leds_lock);
4694 spin_lock_init(&wl->shm_lock);
4695 mutex_init(&wl->mutex);
4696 INIT_LIST_HEAD(&wl->devlist);
4697 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4698 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4700 ssb_set_devtypedata(dev, wl);
4701 b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4702 dev->bus->chip_id, dev->id.revision);
4708 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4714 wl = ssb_get_devtypedata(dev);
4716 /* Probing the first core. Must setup common struct b43_wl */
4718 err = b43_wireless_init(dev);
4721 wl = ssb_get_devtypedata(dev);
4724 err = b43_one_core_attach(dev, wl);
4726 goto err_wireless_exit;
4729 err = ieee80211_register_hw(wl->hw);
4731 goto err_one_core_detach;
4737 err_one_core_detach:
4738 b43_one_core_detach(dev);
4741 b43_wireless_exit(dev, wl);
4745 static void b43_remove(struct ssb_device *dev)
4747 struct b43_wl *wl = ssb_get_devtypedata(dev);
4748 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4750 /* We must cancel any work here before unregistering from ieee80211,
4751 * as the ieee80211 unreg will destroy the workqueue. */
4752 cancel_work_sync(&wldev->restart_work);
4755 if (wl->current_dev == wldev) {
4756 /* Restore the queues count before unregistering, because firmware detect
4757 * might have modified it. Restoring is important, so the networking
4758 * stack can properly free resources. */
4759 wl->hw->queues = wl->mac80211_initially_registered_queues;
4760 ieee80211_unregister_hw(wl->hw);
4763 b43_one_core_detach(dev);
4765 if (list_empty(&wl->devlist)) {
4766 /* Last core on the chip unregistered.
4767 * We can destroy common struct b43_wl.
4769 b43_wireless_exit(dev, wl);
4773 /* Perform a hardware reset. This can be called from any context. */
4774 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4776 /* Must avoid requeueing, if we are in shutdown. */
4777 if (b43_status(dev) < B43_STAT_INITIALIZED)
4779 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4780 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
4785 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4787 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4788 struct b43_wl *wl = wldev->wl;
4790 b43dbg(wl, "Suspending...\n");
4792 mutex_lock(&wl->mutex);
4793 wldev->suspend_in_progress = true;
4794 wldev->suspend_init_status = b43_status(wldev);
4795 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4796 b43_wireless_core_stop(wldev);
4797 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4798 b43_wireless_core_exit(wldev);
4799 mutex_unlock(&wl->mutex);
4801 b43dbg(wl, "Device suspended.\n");
4806 static int b43_resume(struct ssb_device *dev)
4808 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4809 struct b43_wl *wl = wldev->wl;
4812 b43dbg(wl, "Resuming...\n");
4814 mutex_lock(&wl->mutex);
4815 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4816 err = b43_wireless_core_init(wldev);
4818 b43err(wl, "Resume failed at core init\n");
4822 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4823 err = b43_wireless_core_start(wldev);
4825 b43_leds_exit(wldev);
4826 b43_rng_exit(wldev->wl);
4827 b43_wireless_core_exit(wldev);
4828 b43err(wl, "Resume failed at core start\n");
4832 b43dbg(wl, "Device resumed.\n");
4834 wldev->suspend_in_progress = false;
4835 mutex_unlock(&wl->mutex);
4839 #else /* CONFIG_PM */
4840 # define b43_suspend NULL
4841 # define b43_resume NULL
4842 #endif /* CONFIG_PM */
4844 static struct ssb_driver b43_ssb_driver = {
4845 .name = KBUILD_MODNAME,
4846 .id_table = b43_ssb_tbl,
4848 .remove = b43_remove,
4849 .suspend = b43_suspend,
4850 .resume = b43_resume,
4853 static void b43_print_driverinfo(void)
4855 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4858 #ifdef CONFIG_B43_PCI_AUTOSELECT
4861 #ifdef CONFIG_B43_PCMCIA
4864 #ifdef CONFIG_B43_NPHY
4867 #ifdef CONFIG_B43_LEDS
4870 printk(KERN_INFO "Broadcom 43xx driver loaded "
4871 "[ Features: %s%s%s%s, Firmware-ID: "
4872 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4873 feat_pci, feat_pcmcia, feat_nphy,
4877 static int __init b43_init(void)
4882 err = b43_pcmcia_init();
4885 err = ssb_driver_register(&b43_ssb_driver);
4887 goto err_pcmcia_exit;
4888 b43_print_driverinfo();
4899 static void __exit b43_exit(void)
4901 ssb_driver_unregister(&b43_ssb_driver);
4906 module_init(b43_init)
4907 module_exit(b43_exit)
git.openpandora.org / pandora-kernel.git / blob